Merge pull request #34 from jensdietrich/make-fixVersion-optional

Make `fixVersion` metadata field optional and add final CVE's metadata
jensdietrich · Sep 28, 2023 · a2d8b31 · a2d8b31
2 parents 3cc5046 + f82a244
commit a2d8b31
Show file tree

Hide file tree

Showing 3 changed files with 21 additions and 2 deletions.
diff --git a/CVE-2019-0225/mvn_clean_test.exitstatus b/CVE-2019-0225/mvn_clean_test.exitstatus
diff --git a/CVE-2019-0225/pov-project.json b/CVE-2019-0225/pov-project.json
@@ -0,0 +1,19 @@
+{
+  "id": "CVE-2019-0225",
+  "artifact": "org.apache.jspwiki:jspwiki-war",
+  "vulnerableVersions": [
+    "2.10.0",
+    "2.10.1",
+    "2.10.2",
+    "2.10.3",
+    "2.10.4",
+    "2.10.5",
+    "2.11.0.M1",
+    "2.11.0.M2"
+  ],
+  "testSignalWhenVulnerable": "failure",
+  "references": [
+    "https://nvd.nist.gov/vuln/detail/CVE-2019-0225",
+    "https://github.com/advisories/GHSA-pffw-p2q5-w6vh"
+  ]
+}
diff --git a/tools/pov-project-schema.cue b/tools/pov-project-schema.cue
@@ -5,7 +5,8 @@
 	artifact: string
 	// At least one version must be provided
 	vulnerableVersions: [string, ...string]
-	fixVersion: string
+	// The earliest version in which the vulnerability is fixed, if said exists
+	fixVersion?: string
 	// The JDK version to build and run the PoV tests with
 	jdkVersion?: "7" | "8" | "11" | "17"
 	testSignalWhenVulnerable: "success" | "failure"