"""
Component data classes used in AVID report and vulnerability datamodels.
"""
from typing import Dict, List, Optional
from pydantic import BaseModel
from .enums import (
ArtifactTypeEnum,
ClassEnum,
LifecycleEnum,
MethodEnum,
SepEnum,
TypeEnum,
)
[docs]
class LangValue(BaseModel):
"""Generic class to store a string with its language specified."""
lang: str
value: str
[docs]
class Artifact(BaseModel):
"""Type and name of an affected artifact."""
type: ArtifactTypeEnum
name: str
[docs]
class Detection(BaseModel):
"""Method to detect a specific issue."""
type: MethodEnum
name: str
[docs]
class Affects(BaseModel):
"""Information on Artifact(s) affected by this report."""
developer: List[str]
deployer: List[str]
artifacts: List[Artifact]
[docs]
class Problemtype(BaseModel):
"""Description of the problem a report/vuln is concerned with."""
classof: ClassEnum
type: Optional[TypeEnum] = None
description: LangValue
[docs]
class Metric(BaseModel):
"""Quantification of the issue in a specific report."""
name: str
detection_method: Detection
results: Dict
[docs]
class Reference(BaseModel):
"""Details for a reference of a report/vulnerability."""
type: Optional[str] = None
label: str
# AnyUrl is a better fit, but keeping this because submissions
# are not standard yet
url: str
class Config: # type is excluded if None
fields = {"type": {"exclude": True}}
[docs]
class AtlasTaxonomy(BaseModel):
"""ATLAS taxonomy mappings representing attack procedure steps."""
tactic: Optional[str] = None
technique: Optional[str] = None
description: Optional[str] = None
class Config: # Fields are excluded if None
fields = {
"tactic": {"exclude": True},
"technique": {"exclude": True},
"description": {"exclude": True}
}
[docs]
class AvidTaxonomy(BaseModel):
"""AVID taxonomy mappings of a report/vulnerability."""
vuln_id: Optional[str] = None
risk_domain: List[str]
sep_view: List[SepEnum]
lifecycle_view: List[LifecycleEnum]
taxonomy_version: str
class Config: # vuln_id is excluded if None
fields = {"vuln_id": {"exclude": True}}
[docs]
class CVSSScores(BaseModel):
"""CVSS v3.0/v3.1 severity metrics."""
version: str
vectorString: str
baseScore: float
baseSeverity: str
attackVector: Optional[str] = None
attackComplexity: Optional[str] = None
privilegesRequired: Optional[str] = None
userInteraction: Optional[str] = None
scope: Optional[str] = None
confidentialityImpact: Optional[str] = None
integrityImpact: Optional[str] = None
availabilityImpact: Optional[str] = None
[docs]
class CWETaxonomy(BaseModel):
"""CWE (Common Weakness Enumeration) taxonomy mapping."""
cweId: str
description: Optional[str] = None
lang: Optional[str] = None
[docs]
class JailbreakTaxonomyItem(BaseModel):
"""0DIN Jailbreak Taxonomy item with Category, Strategy, and Technique."""
Category: Optional[str] = None
Strategy: Optional[str] = None
Technique: Optional[str] = None
class Config: # Fields are excluded if None
fields = {
"Category": {"exclude": True},
"Strategy": {"exclude": True},
"Technique": {"exclude": True}
}
[docs]
class OdinTaxonomy(BaseModel):
"""0DIN taxonomy mapping for AI security disclosures."""
SocialImpactScore: Optional[str] = None
JailbreakTaxonomy: Optional[List[JailbreakTaxonomyItem]] = None
class Config: # Fields are excluded if None
fields = {
"SocialImpactScore": {"exclude": True},
"JailbreakTaxonomy": {"exclude": True}
}
[docs]
class Impact(BaseModel):
"""Impact information of a report/vulnerability.
E.g. different taxonomy mappings, harm and severity scores.
"""
avid: Optional[AvidTaxonomy] = None
atlas: Optional[List[AtlasTaxonomy]] = None
cvss: Optional[CVSSScores] = None
cwe: Optional[List[CWETaxonomy]] = None
odin: Optional[OdinTaxonomy] = None
class Config: # Fields are excluded if None
fields = {
"avid": {"exclude": True},
"atlas": {"exclude": True},
"cvss": {"exclude": True},
"cwe": {"exclude": True},
"odin": {"exclude": True}
}