From 5d29b243f9d6770cea57a93f3441e82a2df5b392 Mon Sep 17 00:00:00 2001
From: Russ Cox
Date: Wed, 6 Oct 2021 10:31:31 -0400
Subject: [PATCH] schema/v5.0: require at least one English-language description

Per CNA rules, descriptions must contain at least one English-language description, which we take to mean a BCP 47 language tag beginning with "en".

Fixes #112.
---
 schema/v5.0/CVE_JSON_5.0.schema | 14 ++++++++++++++
 1 file changed, 14 insertions(+)

diff --git a/schema/v5.0/CVE_JSON_5.0.schema b/schema/v5.0/CVE_JSON_5.0.schema
index 570ba2c5dd6..373673f9142 100644
--- a/schema/v5.0/CVE_JSON_5.0.schema
+++ b/schema/v5.0/CVE_JSON_5.0.schema
@@ -739,6 +739,12 @@
 ],
 "additionalProperties": false
 },
+ "englishLanguageDescription": {
+ "type": "object",
+ "description": "A description with lang set to an English language (en, en_US, en_UK, and so on).",
+ "properties": {"lang": {"$ref": "#/definitions/englishLanguage"}},
+ "required": ["lang"]
+ },
 "descriptions": {
 "type": "array",
 "description": "A list of multi-lingual descriptions of the vulnerability. E.g., [PROBLEMTYPE] in [COMPONENT] in [VENDOR] [PRODUCT] [VERSION] on [PLATFORMS] allows [ATTACKER] to [IMPACT] via [VECTOR]. OR [COMPONENT] in [VENDOR] [PRODUCT] [VERSION] [ROOT CAUSE], which allows [ATTACKER] to [IMPACT] via [VECTOR].",
@@ -746,6 +752,9 @@
 "uniqueItems": true,
 "items": {
 "$ref": "#/definitions/description"
+ },
+ "contains": {
+ "$ref": "#/definitions/englishLanguageDescription"
 }
 },
 "problemTypes": {
@@ -1028,6 +1037,11 @@
 "default": "en",
 "pattern": "^[A-Za-z]{2,4}([_-][A-Za-z]{4})?([_-]([A-Za-z]{2}|[0-9]{3}))?$"
 },
+ "englishLanguage": {
+ "type": "string",
+ "description": "BCP 47 language code, language-region, required to be English",
+ "pattern": "^en([_-][A-Za-z]{4})?([_-]([A-Za-z]{2}|[0-9]{3}))?$"
+ },
 "taxonomyMappings": {
 "type": "array",
 "description": "List of taxonomy items related to the vulnerability",
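Review bot: The description string of `englishLanguageDescription` (first hunk, `@@ -739`) gives `en_UK` as an example, but UK is not the region subtag for the United Kingdom; the registered tag is `en-GB`. BCP 47 also writes tags with hyphens, even though the pattern tolerates underscores. I would word it `"A description with lang set to an English language tag (en, en-US, en-GB, and so on)."` so that CNAs copying the example do not publish a nonstandard tag.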
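Review bot: The `contains` keyword added to `descriptions` (second hunk, `@@ -746`) is only understood by draft-06 and later validators; a draft-04 validator ignores unknown keywords and would accept a record with no English description without reporting anything. The `$schema` declaration is outside this patch, so please confirm it names draft-06 or later and that the validators used to accept records honour it. A negative test fixture, a record whose only description has `"lang": "fr"`, would catch silent non-enforcement.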
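Review bot: The `englishLanguage` pattern (third hunk, `@@ -1028`) matches lowercase `en` only, while the pattern in the context lines just above it accepts `[A-Za-z]{2,4}`, so `EN` or `En-US` pass as a language tag but do not count as English. BCP 47 tags are case-insensitive, so a record whose sole description uses `"lang": "EN"` would fail `contains` with an error that does not point at the cause. Consider `"pattern": "^[Ee][Nn]([_-][A-Za-z]{4})?([_-]([A-Za-z]{2}|[0-9]{3}))?$"`, or state in the description that the primary subtag must be lowercase.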