  1. OASIS Common Security Advisory Framework (CSAF) TC
  2. CSAF-44

JSON Schema overly prescriptive with propertyNames restriction on "vulnerabilities" array

    Details

    • Type: Improvement
    • Status: New
    • Priority: Major
    • Resolution: Unresolved
    • Affects Version/s: None
    • Fix Version/s: None
    • Component/s: None
    • Labels:
      None

      Description

      The vulnerabilities array of the JSON CSAF schema defines a "propertyNames" restriction (which properties are allowed in a "vulnerability").

      Suggest that we remove this restriction, since the goal of the JSON format is to allow for downstream clients to experiment with extensibility.

      In practice, it turns out to be a small amount of code to programmatically add these kinds of restrictions. That is, it is easy to write code to read the schema file, enumerate all the properties of an object, and add propertyNames restrictions on all objects. Such a schema can then be used to ensure exact compliance with the specification - with no extra properties specified. It is therefore of limited value to build such constraints into the base specification.
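
The programmatic tightening the description refers to, sketched as an added example (not code from the issue or from the CSAF TC). `BASE_SCHEMA` is a constructed, simplified fragment, not the actual CSAF schema, and the names `strict_copy` and `_tighten` are hypothetical:

```python
import copy

# Constructed, simplified fragment in the shape of the "vulnerabilities" array
# (not the actual CSAF schema).
BASE_SCHEMA = {
    "type": "object",
    "properties": {
        "vulnerabilities": {
            "type": "array",
            "items": {
                "type": "object",
                "properties": {
                    "cve": {"type": "string"},
                    "title": {"type": "string"},
                    "notes": {"type": "array", "items": {"$ref": "#/definitions/note"}},
                },
            },
        }
    },
    "definitions": {
        "note": {"type": "object", "properties": {"text": {"type": "string"}}}
    },
}

# Keywords holding one subschema (or a list of them) and keywords holding a
# map of name -> subschema. Map keys are names, never treated as keywords.
SCHEMA_VALUED = ("items", "additionalProperties", "not", "allOf", "anyOf", "oneOf")
MAP_VALUED = ("properties", "patternProperties", "definitions", "$defs")

def _tighten(node):
    if not isinstance(node, dict):
        return  # boolean schemas and absent keywords
    props = node.get("properties")
    # Objects with patternProperties are left open: an enum built from
    # "properties" alone would reject names the patterns allow.
    if isinstance(props, dict) and "patternProperties" not in node:
        node.setdefault("propertyNames", {"enum": sorted(props)})
    for key in SCHEMA_VALUED:
        value = node.get(key)
        for child in (value if isinstance(value, list) else [value]):
            _tighten(child)
    for key in MAP_VALUED:
        value = node.get(key)
        for child in (value.values() if isinstance(value, dict) else ()):
            _tighten(child)

def strict_copy(schema):
    """Return a copy of schema in which every object lists its allowed names."""
    strict = copy.deepcopy(schema)
    _tighten(strict)
    return strict
```

A consumer that wants exact compliance validates against `strict_copy(schema)`, while the published schema stays open to extension properties. Schemas that compose one object from several `allOf` branches would need the name lists merged first, which this example does not do.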

            People

            • Assignee:
              Unassigned
              Reporter:
              ericejohnson Eric Johnson (Inactive)