You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
to allow arbitrary additional properties that begin with an x_ substring. In CVE Services, JSON documents need to be stored in Amazon DocumentDB, which does not allow dot characters:
Amazon DocumentDB does not support dots "." in a document field name
Suppose I want to provide data in my CNA container about the number of patients who were harmed by exploitation of a vulnerability on the CVE List. I want to indicate that this data is associated with the org.mitre.synthea namespace as shown at:
This is valid according to the schema. However, CVE Services does not accept a CVE Record submission with this. DocumentDB fails with writeError, and the CVE Services API implementation then (more or less) relies on a top-level error handler to return this to the client:
{"error":"SERVICE_NOT_AVAILABLE","message":"This service appears to not be available."}
Because the underlying implementation (the DocumentDB dependency) is unlikely to be changed anytime soon, it may be useful to inform the user community that dots aren't allowed (especially because of the inscrutable "not be available" error message).
One way to do this is by changing the schema, e.g.,
(This only helps with properties at certain places in a document. It doesn't prevent use of a dot in a field name within a custom nested data structure designed by a CNA or ADP.)
The schema has a few instances of:
to allow arbitrary additional properties that begin with an x_ substring. In CVE Services, JSON documents need to be stored in Amazon DocumentDB, which does not allow dot characters:
Suppose I want to provide data in my CNA container about the number of patients who were harmed by exploitation of a vulnerability on the CVE List. I want to indicate that this data is associated with the org.mitre.synthea namespace as shown at:
For example:
This is valid according to the schema. However, CVE Services does not accept a CVE Record submission with this. DocumentDB fails with writeError, and the CVE Services API implementation then (more or less) relies on a top-level error handler to return this to the client:
Because the underlying implementation (the DocumentDB dependency) is unlikely to be changed anytime soon, it may be useful to inform the user community that dots aren't allowed (especially because of the inscrutable "not be available" error message).
One way to do this is by changing the schema, e.g.,
(This only helps with properties at certain places in a document. It doesn't prevent use of a dot in a field name within a custom nested data structure designed by a CNA or ADP.)
Alternatively, there could be some type of guidance document at https://cveproject.github.io/automation-transition to cover known restrictions on JSON 5 documents and API performance.
The text was updated successfully, but these errors were encountered: