security/vuxml: Add CWE information
Needs ReviewPublic
Actions

Authored by trasz on Dec 9 2024, 7:17 PM.

Details

Reviewers

philip
brooks

Group Reviewers

security

Summary

This updates "make newentry" to also include CWE information.
Requires VuXML 1.2.

Diff Detail

Repository

R11 FreeBSD ports repository

Lint

No Lint Coverage

Unit

No Test Coverage

Build Status

Buildable 61053
Build 57937: arc lint + arc unit

Event Timeline

trasz requested review of this revision.Dec 9 2024, 7:17 PM

trasz created this revision.

Harbormaster completed remote builds in B61053: Diff 147741.Dec 9 2024, 7:17 PM

Note that for now this requires new schema files, to be found at:

https://people.freebsd.org/~trasz/vuxml-12.dtd
https://people.freebsd.org/~trasz/vuxml-model-12.mod

Otherwise "make validate" will fail.

This looks good to me, but please wait for the security team to discuss this before committing. I have no idea what (if any) downstream consumers we have and how this will affect them. We have not touched this schema since 2005.

trasz added a reviewer: brooks.Dec 16 2024, 3:55 PM

This looks good to me from vuxml side.

But it might be interesting to take a look at the pkg_audit.c including cwe into structure and parse entry.

Revision Contents
Changeset List

Path

Size

security/

vuxml/

files/

13 lines

2 lines

3 lines

2 lines

Diff 147741

View Options

security/vuxml/files/newentry.sh

View Options

security/vuxml/files/tidy.xsl

View Options

security/vuxml/files/validate.sh

View Options

security/vuxml: Add CWE informationNeeds ReviewPublicActions

Details

Diff Detail

Event Timeline

Revision ContentsChangeset List

Diff 147741

security/vuxml/files/newentry.sh

security/vuxml/files/tidy.xsl

security/vuxml/files/validate.sh

security/vuxml/vuln.xml

security/vuxml: Add CWE information
Needs ReviewPublic
Actions

Revision Contents
Changeset List