cisagov/CSAF

ICSA-23-075-06: Invalid URIs

tschmidtb51 opened this issue · 2 comments

๐Ÿ› Summary

ICSA-23-075-06 contains in /vulnerabilities[]/remediations[4]/url and /vulnerabilities[]/remediations[8]/url the string http://process.honeywell.com%20/. If I'm not completely wrong, this is not a valid URL (as it contains the %20 as part of the domain name).

To reproduce

Steps to reproduce the behavior:

  1. Get the [ICSA-23-075-06](https://raw.githubusercontent.com/cisagov/CSAF/50a6a8aa45d766db17d9c84763b00902a8ae219e/csaf_files/OT/white/2023/icsa-23-075-06.json).
  2. Use the csaf-validator to check the file.

Expected behavior

The file should conform to the schema.

Any helpful log output or screenshots

Paste the results here:

$ csaf_validator csaf_files/OT/white/2023/icsa-23-075-06.json
schema validation errors of "csaf_files/OT/white/2023/icsa-23-075-06.json"
  * https://docs.oasis-open.org/csaf/csaf/v2.0/csaf_json_schema.json#: doesn't validate with https://docs.oasis-open.org/csaf/csaf/v2.0/csaf_json_schema.json#
  * /vulnerabilities/0/remediations/4/url: 'http://process.honeywell.com%20/' is not valid 'uri'
  * /vulnerabilities/0/remediations/8/url: 'http://process.honeywell.com%20/' is not valid 'uri'
  * /vulnerabilities/1/remediations/4/url: 'http://process.honeywell.com%20/' is not valid 'uri'
  * /vulnerabilities/1/remediations/8/url: 'http://process.honeywell.com%20/' is not valid 'uri'
  * /vulnerabilities/2/remediations/4/url: 'http://process.honeywell.com%20/' is not valid 'uri'
  * /vulnerabilities/2/remediations/8/url: 'http://process.honeywell.com%20/' is not valid 'uri'

Resolved as of commit ee9bde3

Thank you for sharing this issue with us.

Unfortunately, the change failed to update the version and add a revision_history element.
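A pre-publication lint for the defect reported in this issue, as an added example that is not part of the thread and not the csaf-validator's own logic: it walks `/vulnerabilities[]/remediations[]/url` and reports the JSON pointer of every URL whose host is not a plain DNS name or IP literal. The DNS-label rule is an assumption of this example and is stricter than generic URI syntax; the sample document and the function names are constructed for illustration.

```python
import ipaddress
import re
from urllib.parse import urlsplit

# Letter-digit-hyphen label, 1-63 chars, no leading/trailing hyphen (assumed rule).
_LABEL = re.compile(r"^(?!-)[A-Za-z0-9-]{1,63}(?<!-)$")

def host_problem(url):
    """Return a reason string if the URL's host looks wrong, else None."""
    try:
        host = urlsplit(url).hostname or ""
    except ValueError as exc:  # e.g. unbalanced IPv6 brackets
        return "unparseable: %s" % exc
    if not host:
        return "no host"
    try:
        ipaddress.ip_address(host)  # IPv4/IPv6 literals are accepted as-is
        return None
    except ValueError:
        pass
    if "%" in host:
        return "percent-escape in host"
    labels = host.rstrip(".").split(".")
    if len(host) > 253 or not all(_LABEL.match(label) for label in labels):
        return "host is not a valid DNS name"
    return None

def invalid_remediation_urls(doc):
    """Return (json_pointer, url, reason) for each suspicious remediation URL."""
    findings = []
    for vi, vuln in enumerate(doc.get("vulnerabilities", [])):
        for ri, rem in enumerate(vuln.get("remediations", [])):
            url = rem.get("url")  # the url field may be absent
            reason = host_problem(url) if url is not None else None
            if reason:
                pointer = "/vulnerabilities/%d/remediations/%d/url" % (vi, ri)
                findings.append((pointer, url, reason))
    return findings

# Constructed sample: only the malformed URL string is taken from the issue.
BAD = "http://process.honeywell.com%20/"
SAMPLE_DOC = {"vulnerabilities": [
    {"remediations": [{"category": "mitigation", "url": "https://example.com/advisory"},
                      {"category": "vendor_fix", "url": BAD}]},
    {"remediations": [{"category": "mitigation"},
                      {"category": "vendor_fix", "url": BAD}]},
]}

if __name__ == "__main__":
    for pointer, url, reason in invalid_remediation_urls(SAMPLE_DOC):
        print("%s: %r (%s)" % (pointer, url, reason))
```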