Merge pull request #32 from RedHatProductSecurity/csaf-vex-guidelines

Csaf vex guidelines
RedHatProductSecurity · Sep 27, 2024 · 6a18061 · 6a18061
2 parents 9f98acf + e531e52
commit 6a18061
Show file tree

Hide file tree

Showing 5 changed files with 756 additions and 0 deletions.
diff --git a/.gitignore b/.gitignore
@@ -1,3 +1,5 @@
 .cache
 *.egg-info/
 .tox
+/.idea/
+
diff --git a/README.md b/README.md
@@ -12,3 +12,9 @@ source venv/bin/activate
 pip install -r requirements/docs-requirements.txt
 mkdocs serve
 ```
+
+If you're running on MacOS and experience issues with the `cairo` dependency, try adding the following:
+
+```
+brew install cairo
+```
diff --git a/csaf-vex/csaf-vex.json b/csaf-vex/csaf-vex.json
@@ -0,0 +1,217 @@
+{
+  "document": {
+    "aggregate_severity": {
+      "namespace": "https://access.redhat.com/security/updates/classification/",
+      "text": ""
+    },
+    "category": "csaf_vex",
+    "csaf_version": "2.0",
+    "distribution": {
+      "text": "Copyright © Red Hat, Inc. All rights reserved.",
+      "tlp": {
+        "label": "WHITE",
+        "url": "https://www.first.org/tlp/"
+      }
+    },
+    "lang": "en",
+    "notes": [
+      {
+        "category": "legal_disclaimer",
+        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
+        "title": "Terms of Use"
+      }
+    ],
+    "publisher": {
+      "category": "vendor",
+      "contact_details": "https://access.redhat.com/security/team/contact/",
+      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat offerings.",
+      "name": "Red Hat Product Security",
+      "namespace": "https://www.redhat.com"
+    },
+    "references": [
+      {
+        "category": "self",
+        "summary": "Canonical URL",
+        "url": ""
+      }
+    ],
+    "title": "",
+    "tracking": {
+      "current_release_date": "",
+      "generator": {
+        "date": "",
+        "engine": {
+          "name": "",
+          "version": ""
+        }
+      },
+      "id": "",
+      "initial_release_date": "",
+      "revision_history": [
+        {
+          "date": "",
+          "number": "",
+          "summary": ""
+        }
+      ],
+      "status": "",
+      "version": ""
+    }
+  },
+  "product_tree": {
+    "branches": [
+      {
+        "branches": [
+          {
+            "branches": [
+              {
+                "category": "product_name",
+                "name": "",
+                "product": {
+                  "name": "",
+                  "product_id": "",
+                  "product_identification_helper": {
+                    "cpe": ""
+                  }
+                }
+              }
+            ],
+            "category": "product_family",
+            "name": "Red Hat Enterprise Linux 6"
+          },
+          {
+            "category": "product_version",
+            "name": "kernel",
+            "product": {
+              "name": "kernel",
+              "product_id": "kernel",
+              "product_identification_helper": {
+                "purl": "pkg:rpm/redhat/kernel?arch=src"
+              }
+            }
+          },
+        ],
+        "category": "vendor",
+        "name": "Red Hat"
+      }
+    ],
+    "relationships": [
+      {
+        "category": "default_component_of",
+        "full_product_name": {
+          "name": "",
+          "product_id": ""
+        },
+        "product_reference": "",
+        "relates_to_product_reference": ""
+      }
+    ]
+  },
+  "vulnerabilities": [
+    {
+      "acknowledgments": [
+        {
+          "names": [
+
+          ]
+        }
+      ],
+      "cve": "",
+      "cwe": {
+        "id": "",
+        "name": ""
+      },
+      "discovery_date": "",
+      "flags": [
+        {
+          "label": "",
+          "product_ids": [
+          ]
+        }
+      ],
+      "ids": [
+        {
+          "system_name": "Red Hat Bugzilla ID",
+          "text": ""
+        }
+      ],
+      "notes": [
+        {
+          "category": "description",
+          "text": "",
+          "title": "Vulnerability description"
+        },
+        {
+          "category": "summary",
+          "text": "",
+          "title": "Vulnerability summary"
+        },
+        {
+          "category": "other",
+          "text": "",
+          "title": "Statement"
+        },
+        {
+          "category": "general",
+          "text": "",
+          "title": "CVSS score applicability"
+        }
+      ],
+      "product_status": {
+        "fixed": [
+        ],
+        "known_affected": [
+        ],
+        "known_not_affected": [
+        ],
+        "under_investigation": [
+        ]
+      },
+      "references": [
+        {
+          "category": "self",
+          "summary": "Canonical URL",
+          "url": ""
+        }
+      ],
+      "release_date": "",
+      "remediations": [
+        {
+          "category": "",
+          "details": "",
+          "product_ids": [
+          ]
+        }
+      ],
+      "scores": [
+        {
+          "cvss_v3": {
+            "attackComplexity": "",
+            "attackVector": "",
+            "availabilityImpact": "",
+            "baseScore": ,
+            "baseSeverity": "",
+            "confidentialityImpact": "",
+            "integrityImpact": "",
+            "privilegesRequired": "",
+            "scope": "",
+            "userInteraction": "",
+            "vectorString": "",
+            "version": "3.1"
+          },
+          "products": [
+          ]
+        }
+      ],
+      "threats": [
+        {
+          "category": "impact",
+          "details": "",
+          "product_ids": [
+          ]
+        }
+      ],
+      "title": ""
+    }
+  ]
+}