Report

avidtools.datamodels.report

A report is one example of a particular vulnerability occurring. It is potentially more granular and reproducible, based on the references provided in that report.

Class definitions for an AVID report.

pydantic model ReportMetadata

Bases: BaseModel

Metadata class for a report.

JSON schema:
{
   "title": "ReportMetadata",
   "description": "Metadata class for a report.",
   "type": "object",
   "properties": {
      "report_id": {
         "title": "Report Id",
         "type": "string"
      }
   },
   "required": [
      "report_id"
   ]
}

Fields:
field report_id: str [Required]

pydantic model Report

Bases: BaseModel

Top-level class to store an AVID report.

JSON schema:
{
   "title": "Report",
   "description": "Top-level class to store an AVID report.",
   "type": "object",
   "properties": {
      "data_type": {
         "title": "Data Type",
         "default": "AVID",
         "type": "string"
      },
      "data_version": {
         "title": "Data Version",
         "type": "string"
      },
      "metadata": {
         "$ref": "#/definitions/ReportMetadata"
      },
      "affects": {
         "$ref": "#/definitions/Affects"
      },
      "problemtype": {
         "$ref": "#/definitions/Problemtype"
      },
      "metrics": {
         "title": "Metrics",
         "type": "array",
         "items": {
            "$ref": "#/definitions/Metric"
         }
      },
      "references": {
         "title": "References",
         "type": "array",
         "items": {
            "$ref": "#/definitions/Reference"
         }
      },
      "description": {
         "$ref": "#/definitions/LangValue"
      },
      "impact": {
         "$ref": "#/definitions/Impact"
      },
      "credit": {
         "title": "Credit",
         "type": "array",
         "items": {
            "$ref": "#/definitions/LangValue"
         }
      },
      "reported_date": {
         "title": "Reported Date",
         "type": "string",
         "format": "date"
      }
   },
   "definitions": {
      "ReportMetadata": {
         "title": "ReportMetadata",
         "description": "Metadata class for a report.",
         "type": "object",
         "properties": {
            "report_id": {
               "title": "Report Id",
               "type": "string"
            }
         },
         "required": [
            "report_id"
         ]
      },
      "ArtifactTypeEnum": {
         "title": "ArtifactTypeEnum",
         "description": "Whether the artifact is a dataset, model, or system.",
         "enum": [
            "Dataset",
            "Model",
            "System"
         ],
         "type": "string"
      },
      "Artifact": {
         "title": "Artifact",
         "description": "Type and name of an affected artifact.",
         "type": "object",
         "properties": {
            "type": {
               "$ref": "#/definitions/ArtifactTypeEnum"
            },
            "name": {
               "title": "Name",
               "type": "string"
            }
         },
         "required": [
            "type",
            "name"
         ]
      },
      "Affects": {
         "title": "Affects",
         "description": "Information on Artifact(s) affected by this report.",
         "type": "object",
         "properties": {
            "developer": {
               "title": "Developer",
               "type": "array",
               "items": {
                  "type": "string"
               }
            },
            "deployer": {
               "title": "Deployer",
               "type": "array",
               "items": {
                  "type": "string"
               }
            },
            "artifacts": {
               "title": "Artifacts",
               "type": "array",
               "items": {
                  "$ref": "#/definitions/Artifact"
               }
            }
         },
         "required": [
            "developer",
            "deployer",
            "artifacts"
         ]
      },
      "ClassEnum": {
         "title": "ClassEnum",
         "description": "All report/vulnerability classes.",
         "enum": [
            "AIID Incident",
            "ATLAS Case Study",
            "CVE Entry",
            "LLM Evaluation",
            "Undefined"
         ],
         "type": "string"
      },
      "TypeEnum": {
         "title": "TypeEnum",
         "description": "All report/vulnerability types.",
         "enum": [
            "Issue",
            "Advisory",
            "Measurement",
            "Detection"
         ],
         "type": "string"
      },
      "LangValue": {
         "title": "LangValue",
         "description": "Generic class to store a string with its language specified.",
         "type": "object",
         "properties": {
            "lang": {
               "title": "Lang",
               "type": "string"
            },
            "value": {
               "title": "Value",
               "type": "string"
            }
         },
         "required": [
            "lang",
            "value"
         ]
      },
      "Problemtype": {
         "title": "Problemtype",
         "description": "Description of the problem a report/vuln is concerned with.",
         "type": "object",
         "properties": {
            "classof": {
               "$ref": "#/definitions/ClassEnum"
            },
            "type": {
               "$ref": "#/definitions/TypeEnum"
            },
            "description": {
               "$ref": "#/definitions/LangValue"
            }
         },
         "required": [
            "classof",
            "description"
         ]
      },
      "MethodEnum": {
         "title": "MethodEnum",
         "description": "The values a detection method can take.",
         "enum": [
            "Significance Test",
            "Static Threshold"
         ],
         "type": "string"
      },
      "Detection": {
         "title": "Detection",
         "description": "Method to detect a specific issue.",
         "type": "object",
         "properties": {
            "type": {
               "$ref": "#/definitions/MethodEnum"
            },
            "name": {
               "title": "Name",
               "type": "string"
            }
         },
         "required": [
            "type",
            "name"
         ]
      },
      "Metric": {
         "title": "Metric",
         "description": "Quantification of the issue in a specific report.",
         "type": "object",
         "properties": {
            "name": {
               "title": "Name",
               "type": "string"
            },
            "detection_method": {
               "$ref": "#/definitions/Detection"
            },
            "results": {
               "title": "Results",
               "type": "object"
            }
         },
         "required": [
            "name",
            "detection_method",
            "results"
         ]
      },
      "Reference": {
         "title": "Reference",
         "description": "Details for a reference of a report/vulnerability.",
         "type": "object",
         "properties": {
            "type": {
               "title": "Type",
               "type": "string"
            },
            "label": {
               "title": "Label",
               "type": "string"
            },
            "url": {
               "title": "Url",
               "type": "string"
            }
         },
         "required": [
            "label",
            "url"
         ]
      },
      "SepEnum": {
         "title": "SepEnum",
         "description": "All (sub)categories of the SEP view of the AVID taxonomy.",
         "enum": [
            "S0100: Software Vulnerability",
            "S0200: Supply Chain Compromise",
            "S0201: Model Compromise",
            "S0202: Software Compromise",
            "S0300: Over-permissive API",
            "S0301: Information Leak",
            "S0302: Excessive Queries",
            "S0400: Model Bypass",
            "S0401: Bad Features",
            "S0402: Insufficient Training Data",
            "S0403: Adversarial Example",
            "S0500: Exfiltration",
            "S0501: Model inversion",
            "S0502: Model theft",
            "S0600: Data Poisoning",
            "S0601: Ingest Poisoning",
            "E0100: Bias/ Discrimination",
            "E0101: Group fairness",
            "E0102: Individual fairness",
            "E0200: Explainability",
            "E0201: Global explanations",
            "E0202: Local explanations",
            "E0300: User actions",
            "E0301: Toxicity",
            "E0302: Polarization/ Exclusion",
            "E0400: Misinformation",
            "E0401: Deliberative Misinformation",
            "E0402: Generative Misinformation",
            "P0100: Data issues",
            "P0101: Data drift",
            "P0102: Concept drift",
            "P0103: Data entanglement",
            "P0104: Data quality issues",
            "P0105: Feedback loops",
            "P0200: Model issues",
            "P0201: Resilience/ Stability",
            "P0202: OOD generalization",
            "P0203: Scaling",
            "P0204: Accuracy",
            "P0300: Privacy",
            "P0301: Anonymization",
            "P0302: Randomization",
            "P0303: Encryption",
            "P0400: Safety",
            "P0401: Psychological Safety",
            "P0402: Physical safety",
            "P0403: Socioeconomic safety",
            "P0404: Environmental safety"
         ],
         "type": "string"
      },
      "LifecycleEnum": {
         "title": "LifecycleEnum",
         "description": "All (sub)categories of the lifecycle view of the AVID taxonomy.",
         "enum": [
            "L01: Business Understanding",
            "L02: Data Understanding",
            "L03: Data Preparation",
            "L04: Model Development",
            "L05: Evaluation",
            "L06: Deployment"
         ],
         "type": "string"
      },
      "AvidTaxonomy": {
         "title": "AvidTaxonomy",
         "description": "AVID taxonomy mappings of a report/vulnerability.",
         "type": "object",
         "properties": {
            "vuln_id": {
               "title": "Vuln Id",
               "type": "string"
            },
            "risk_domain": {
               "title": "Risk Domain",
               "type": "array",
               "items": {
                  "type": "string"
               }
            },
            "sep_view": {
               "type": "array",
               "items": {
                  "$ref": "#/definitions/SepEnum"
               }
            },
            "lifecycle_view": {
               "type": "array",
               "items": {
                  "$ref": "#/definitions/LifecycleEnum"
               }
            },
            "taxonomy_version": {
               "title": "Taxonomy Version",
               "type": "string"
            }
         },
         "required": [
            "risk_domain",
            "sep_view",
            "lifecycle_view",
            "taxonomy_version"
         ]
      },
      "Impact": {
         "title": "Impact",
         "description": "Impact information of a report/vulnerability, e.g. different taxonomy mappings, harm and severity scores.",
         "type": "object",
         "properties": {
            "avid": {
               "$ref": "#/definitions/AvidTaxonomy"
            }
         },
         "required": [
            "avid"
         ]
      }
   }
}

Fields:
field data_type: str = 'AVID'

Namespace for the report. Set to AVID by default; change this only if you're adopting these datamodels to stand up your own vulnerability database.

field data_version: str = None

Latest version of the data.

field metadata: ReportMetadata = None

Metadata for the report.

field affects: Affects = None

Information on Artifact(s) affected by this report.

field problemtype: Problemtype = None

Description of the problem a report is concerned with.

field metrics: List[Metric] = None

Quantitative results pertaining to the issues raised in a specific report.

field references: List[Reference] = None

References and their details.

field description: LangValue = None

High-level description.

field impact: Impact = None

Impact information, e.g. different taxonomy mappings, harm and severity scores.

field credit: List[LangValue] = None

People credited for this report.

field reported_date: date = None

Date reported.

save(location)

Save a report as a JSON file.

Parameters:

location (str) – Output *.json filename, including its path.
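
The Report schema above has no top-level "required" list, so an empty object is schema-valid; only the nested definitions carry required keys. The following is an added example, not part of avidtools: a standard-library check for reports received from outside, hand-coding a subset of the required keys and enum values from the schema on this page. The names check_report, GOOD and BAD, the sample report, and the rule that absent sections are rejected are assumptions made for illustration.

```python
import json
from datetime import date

# Required keys and enum values transcribed from the JSON schema on this page.
REQUIRED = {"metadata": ["report_id"], "problemtype": ["classof", "description"],
            "affects": ["developer", "deployer", "artifacts"],
            "description": ["lang", "value"], "impact": ["avid"]}
CLASS_ENUM = ("AIID Incident", "ATLAS Case Study", "CVE Entry", "LLM Evaluation", "Undefined")
ARTIFACT_ENUM = ("Dataset", "Model", "System")

def _obj(value):  # anything that is not a JSON object counts as empty
    return value if isinstance(value, dict) else {}

def check_report(raw):
    """Return problems found in a JSON-encoded report; an empty list means OK."""
    doc = json.loads(raw)
    if not isinstance(doc, dict):
        return ["report: top level must be a JSON object"]
    problems = []
    # Absent sections are schema-valid (every Report field is optional);
    # rejecting them here is a local ingest policy, i.e. an assumption.
    for section, keys in REQUIRED.items():
        if not isinstance(doc.get(section), dict):
            problems.append(f"{section}: missing")
            continue
        problems += [f"{section}.{k}: required" for k in keys if k not in doc[section]]
    classof = _obj(doc.get("problemtype")).get("classof")
    if classof is not None and classof not in CLASS_ENUM:
        problems.append("problemtype.classof: not in ClassEnum")
    artifacts = _obj(doc.get("affects")).get("artifacts")
    for i, art in enumerate(artifacts if isinstance(artifacts, list) else []):
        if _obj(art).get("type") not in ARTIFACT_ENUM:
            problems.append(f"affects.artifacts[{i}].type: not in ArtifactTypeEnum")
    if "reported_date" in doc:
        try:
            date.fromisoformat(doc["reported_date"])
        except (TypeError, ValueError):
            problems.append("reported_date: not an ISO date")
    return problems

# Constructed sample report (not a real AVID entry) and a broken variant of it.
LV = {"lang": "eng", "value": "constructed example"}
GOOD = {"data_type": "AVID", "metadata": {"report_id": "EXAMPLE-0001"},
        "affects": {"developer": [], "deployer": [],
                    "artifacts": [{"type": "Model", "name": "demo"}]},
        "problemtype": {"classof": "Undefined", "description": LV},
        "description": LV, "impact": {"avid": {}}, "reported_date": "2023-03-31"}
BAD = dict(GOOD, metadata={}, reported_date="03/31/2023",
           problemtype={"classof": "Bug", "description": LV})
print(check_report(json.dumps(BAD)))
```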