some updates on GSD progress

2 views
Skip to first unread message

Kurt Seifried

unread,
Aug 31, 2022, 11:45:36 PMAug 31
to GSD Discussion Group
So I've been working on various scripts to enrich the data (https://github.com/kurtseifried/gsd-data-enrichment) and convert it to correct OSV (not available yet). As a part of that, I've started a JSON schema validator that:

Handles OSV files from direct OSV providers (e.g. GHSA, OSV.dev) (done)
Handles CVE files directly from CVE (done)
Handles GSD files, more specifically: the root is OSV, and the namespaces (cve.org, nvd.nist.gov), partially done

Effectively think of this as meta-test-driven development (TDD) and easy as possible, and also we need to validate our data concerning schema, and in the longer-term the content of data where possible. It's available at https://github.com/cloudsecurityalliance/gsd-tools/tree/main/local-scripts/schema-validator and not complete (e.g. the NVD stuff is actually multiple schemas, coming out of beta on Sept 9 so I figure I might as well wait). 

Ultimately the goal is to validate all the data we will typically consume and of course, validate the data we're creating, people are editing and submitting and so on. 

And yes, the code is ugly; I plan to tidy it up and optimize it a bit once it's more complete and it's clear what needs to be optimized and cleaned up. Also, the output is horrendous, intentionally, so I (or someone else) will fix it eventually. I'm thinking CSV (who doesn't love a good spreadsheet?).

To use the tool just run it, e.g.:

../gsd-tools/local-scripts/schema-validator/validate-json-file.py 2022/1000xxx/GSD-2022-1000736.json

slightly cleaned up output:

###########################################################################
FILENAME: GSD-2022-1000736.json
########################################
OSV
####################
'versions' is a required property
########################################
GSD
####################
'id' is a required property
####################
'modified' is a required property
#####

Kurt Seifried (He/Him)
Chief Blockchain Officer and Director of Special Projects
Cloud Security Alliance
Reply all
Reply to author
Forward
0 new messages