From aa230a7116dc2718d97cf4f968bdf03e52f2195f Mon Sep 17 00:00:00 2001 From: Jon Moroney Date: Tue, 12 Nov 2024 15:50:05 -0800 Subject: [PATCH] Remove example collection URLs from the CVE schema file Kicking up a minimal PR to make the schema file itself a little easier to parse (for a human). The examples seem like they are not relevant for a machine, but please correct me if I'm wrong in that assumption. Open to changing where the documentation for the examples goes, fleshing out the new markdown file more, or whatever else seems like a good idea prior to merging this PR. Let me know what you all think and/or if this is a bad idea and we can close it out without merge too :) --- schema/CVE_Record_Format.json | 65 --------------------------- schema/docs/CVE_Record_Format.md | 75 ++++++++++++++++++++++++++++++++ 2 files changed, 75 insertions(+), 65 deletions(-) create mode 100644 schema/docs/CVE_Record_Format.md diff --git a/schema/CVE_Record_Format.json b/schema/CVE_Record_Format.json index f74450c32c..3c2ef7e83c 100644 --- a/schema/CVE_Record_Format.json +++ b/schema/CVE_Record_Format.json @@ -122,71 +122,6 @@ "collectionURL": { "description": "URL identifying a package collection (determines the meaning of packageName).", "$ref": "#/definitions/uriType", - "examples": [ - "https://access.redhat.com/downloads/content/package-browser", - "https://addons.mozilla.org", - "https://addons.thunderbird.net", - "https://anaconda.org/anaconda/repo", - "https://app.vagrantup.com/boxes/search", - "https://apps.apple.com", - "https://archlinux.org/packages", - "https://atmospherejs.meteor.com", - "https://atom.io/packages", - "https://bitbucket.org", - "https://bower.io", - "https://brew.sh/", - "https://chocolatey.org/packages", - "https://chrome.google.com/webstore", - "https://clojars.org", - "https://cocoapods.org", - "https://code.dlang.org", - "https://conan.io/center", - "https://cpan.org/modules", - "https://cran.r-project.org", - "https://crates.io", - "https://ctan.org/pkg", - "https://drupal.org", - "https://exchange.adobe.com", - "https://forge.puppet.com/modules", - "https://github.com", - "https://gitlab.com/explore", - "https://golang.org/pkg", - "https://guix.gnu.org/packages", - "https://hackage.haskell.org", - "https://helm.sh", - "https://hub.docker.com", - "https://juliahub.com", - "https://lib.haxe.org", - "https://luarocks.org", - "https://marketplace.visualstudio.com", - "https://melpa.org", - "https://microsoft.com/en-us/store/apps", - "https://nimble.directory", - "https://nuget.org/packages", - "https://opam.ocaml.org/packages", - "https://openwrt.org/packages/index", - "https://package.elm-lang.org", - "https://packagecontrol.io", - "https://packages.debian.org", - "https://packages.gentoo.org", - "https://packagist.org", - "https://pear.php.net/packages.php", - "https://pecl.php.net", - "https://platformio.org/lib", - "https://play.google.com/store", - "https://plugins.gradle.org", - "https://projects.eclipse.org", - "https://pub.dev", - "https://pypi.python.org", - "https://registry.npmjs.org", - "https://registry.terraform.io", - "https://repo.hex.pm", - "https://repo.maven.apache.org/maven2", - "https://rubygems.org", - "https://search.nixos.org/packages", - "https://sourceforge.net", - "https://wordpress.org/plugins" - ] }, "packageName": { "type": "string", diff --git a/schema/docs/CVE_Record_Format.md b/schema/docs/CVE_Record_Format.md new file mode 100644 index 0000000000..73aa65f6b4 --- /dev/null +++ b/schema/docs/CVE_Record_Format.md @@ -0,0 +1,75 @@ +# Supporting documentation for the CVE_Record_Format.json file + +Stub of a doc for now, but pending agreement on its utility the idea is for this file to be a human readable companion for the schema file itself. + +### collectionURL +A collectionURL is a standard uri as defined by the (uriType)[https://github.com/CVEProject/cve-schema/blob/main/schema/CVE_Record_Format.json#L7] definition. + +Examples include +``` +"examples": [ + "https://access.redhat.com/downloads/content/package-browser", + "https://addons.mozilla.org", + "https://addons.thunderbird.net", + "https://anaconda.org/anaconda/repo", + "https://app.vagrantup.com/boxes/search", + "https://apps.apple.com", + "https://archlinux.org/packages", + "https://atmospherejs.meteor.com", + "https://atom.io/packages", + "https://bitbucket.org", + "https://bower.io", + "https://brew.sh/", + "https://chocolatey.org/packages", + "https://chrome.google.com/webstore", + "https://clojars.org", + "https://cocoapods.org", + "https://code.dlang.org", + "https://conan.io/center", + "https://cpan.org/modules", + "https://cran.r-project.org", + "https://crates.io", + "https://ctan.org/pkg", + "https://drupal.org", + "https://exchange.adobe.com", + "https://forge.puppet.com/modules", + "https://github.com", + "https://gitlab.com/explore", + "https://golang.org/pkg", + "https://guix.gnu.org/packages", + "https://hackage.haskell.org", + "https://helm.sh", + "https://hub.docker.com", + "https://juliahub.com", + "https://lib.haxe.org", + "https://luarocks.org", + "https://marketplace.visualstudio.com", + "https://melpa.org", + "https://microsoft.com/en-us/store/apps", + "https://nimble.directory", + "https://nuget.org/packages", + "https://opam.ocaml.org/packages", + "https://openwrt.org/packages/index", + "https://package.elm-lang.org", + "https://packagecontrol.io", + "https://packages.debian.org", + "https://packages.gentoo.org", + "https://packagist.org", + "https://pear.php.net/packages.php", + "https://pecl.php.net", + "https://platformio.org/lib", + "https://play.google.com/store", + "https://plugins.gradle.org", + "https://projects.eclipse.org", + "https://pub.dev", + "https://pypi.python.org", + "https://registry.npmjs.org", + "https://registry.terraform.io", + "https://repo.hex.pm", + "https://repo.maven.apache.org/maven2", + "https://rubygems.org", + "https://search.nixos.org/packages", + "https://sourceforge.net", + "https://wordpress.org/plugins" + ] +``` \ No newline at end of file