Merge pull request #473 from cintek/main

Adding advisory model

README.md

@@ -10,6 +10,9 @@ Can be used for automated forwarding of CSAF documents.
 ### [csaf_validator](docs/csaf_validator.md)
 is a tool to validate local advisories files against the JSON Schema and an optional remote validator.
 
+### [csaf_searcher](docs/csaf_searcher.md)
+is a tool to search through local advisories. It finds PURLs based on the product ID of an advisory.
+
 ## Tools for advisory providers
 
 ### [csaf_provider](docs/csaf_provider.md)
@@ -56,6 +59,12 @@ Download the binaries from the most recent release assets on Github.
 
 Binaries will be placed in directories named like `bin-linux-amd64/` and `bin-windows-amd64/`.
 
+- Maintainers only: No need to do this if you have cloned this repository for unmodified usage only.
+```
+go generate ./...
+```
+will update the machine generated code.
+
 
 ### Setup (Trusted Provider)
 

cmd/csaf_searcher/main.go

@@ -0,0 +1,126 @@
+// Package main implements a simple demo program to
+// work with the csaf_distribution library.
+package main
+
+import (
+	"flag"
+	"fmt"
+	"log"
+	"os"
+	"slices"
+	"strings"
+
+	"github.com/csaf-poc/csaf_distribution/v3/csaf"
+)
+
+func main() {
+	flag.Usage = func() {
+		fmt.Fprintf(flag.CommandLine.Output(),
+			"Usage:\n  %s [OPTIONS] files...\n\nOptions:\n", os.Args[0])
+		flag.PrintDefaults()
+	}
+	idsString := flag.String("p", "", "ID1,ID2,...")
+	flag.Parse()
+
+	files := flag.Args()
+	if len(files) == 0 {
+		log.Println("No files given.")
+		return
+	}
+	if err := run(files, *idsString); err != nil {
+		log.Fatalf("error: %v\n", err)
+	}
+}
+
+// run prints PURLs belonging to the given Product IDs.
+func run(files []string, ids string) error {
+
+	uf := newURLFinder(strings.Split(ids, ","))
+
+	for _, file := range files {
+		adv, err := csaf.LoadAdvisory(file)
+		if err != nil {
+			return fmt.Errorf("loading %q failed: %w", file, err)
+		}
+		uf.findURLs(adv)
+		uf.dumpURLs()
+		uf.clear()
+	}
+
+	return nil
+}
+
+// urlFinder helps to find the URLs of a set of product ids in advisories.
+type urlFinder struct {
+	ids  []csaf.ProductID
+	urls [][]csaf.PURL
+}
+
+// newURLFinder creates a new urlFinder for given ids.
+func newURLFinder(ids []string) *urlFinder {
+	uf := &urlFinder{
+		ids:  make([]csaf.ProductID, len(ids)),
+		urls: make([][]csaf.PURL, len(ids)),
+	}
+	for i := range uf.ids {
+		uf.ids[i] = csaf.ProductID(ids[i])
+	}
+	return uf
+}
+
+// clear resets the url finder after a run on an advisory.
+func (uf *urlFinder) clear() {
+	clear(uf.urls)
+}
+
+// dumpURLs dumps the found URLs to stdout.
+func (uf *urlFinder) dumpURLs() {
+	for i, urls := range uf.urls {
+		if len(urls) == 0 {
+			continue
+		}
+		fmt.Printf("Found URLs for %s:\n", uf.ids[i])
+		for j, url := range urls {
+			fmt.Printf("%d. %s\n", j+1, url)
+		}
+	}
+}
+
+// findURLs find the URLs in an advisory.
+func (uf *urlFinder) findURLs(adv *csaf.Advisory) {
+	tree := adv.ProductTree
+	if tree == nil {
+		return
+	}
+
+	// If we have found it and we have a valid URL add unique.
+	add := func(idx int, h *csaf.ProductIdentificationHelper) {
+		if idx != -1 && h != nil && h.PURL != nil &&
+			!slices.Contains(uf.urls[idx], *h.PURL) {
+			uf.urls[idx] = append(uf.urls[idx], *h.PURL)
+		}
+	}
+
+	// First iterate over full product names.
+	if names := tree.FullProductNames; names != nil {
+		for _, name := range *names {
+			if name != nil && name.ProductID != nil {
+				add(slices.Index(uf.ids, *name.ProductID), name.ProductIdentificationHelper)
+			}
+		}
+	}
+
+	// Second traverse the branches recursively.
+	var recBranch func(*csaf.Branch)
+	recBranch = func(b *csaf.Branch) {
+		if p := b.Product; p != nil && p.ProductID != nil {
+			add(slices.Index(uf.ids, *p.ProductID), p.ProductIdentificationHelper)
+		}
+		for _, c := range b.Branches {
+			recBranch(c)
+		}
+	}
+	for _, b := range tree.Branches {
+		recBranch(b)
+	}
+}

csaf/cvss20enums.go

@@ -0,0 +1,314 @@
+// This file is Free Software under the MIT License
+// without warranty, see README.md and LICENSES/MIT.txt for details.
+//
+// SPDX-License-Identifier: MIT
+//
+// SPDX-FileCopyrightText: 2023 German Federal Office for Information Security (BSI) <https://www.bsi.bund.de>
+// Software-Engineering: 2023 Intevation GmbH <https://intevation.de>
+//
+// THIS FILE IS MACHINE GENERATED. EDIT WITH CARE!
+
+package csaf
+
+// CVSS20AccessComplexity represents the accessComplexityType in CVSS20.
+type CVSS20AccessComplexity string
+
+const (
+	// CVSS20AccessComplexityHigh is a constant for "HIGH".
+	CVSS20AccessComplexityHigh CVSS20AccessComplexity = "HIGH"
+	// CVSS20AccessComplexityMedium is a constant for "MEDIUM".
+	CVSS20AccessComplexityMedium CVSS20AccessComplexity = "MEDIUM"
+	// CVSS20AccessComplexityLow is a constant for "LOW".
+	CVSS20AccessComplexityLow CVSS20AccessComplexity = "LOW"
+)
+
+var cvss20AccessComplexityPattern = alternativesUnmarshal(
+	string(CVSS20AccessComplexityHigh),
+	string(CVSS20AccessComplexityMedium),
+	string(CVSS20AccessComplexityLow),
+)
+
+// UnmarshalText implements the [encoding.TextUnmarshaler] interface.
+func (e *CVSS20AccessComplexity) UnmarshalText(data []byte) error {
+	s, err := cvss20AccessComplexityPattern(data)
+	if err == nil {
+		*e = CVSS20AccessComplexity(s)
+	}
+	return err
+}
+
+// CVSS20AccessVector represents the accessVectorType in CVSS20.
+type CVSS20AccessVector string
+
+const (
+	// CVSS20AccessVectorNetwork is a constant for "NETWORK".
+	CVSS20AccessVectorNetwork CVSS20AccessVector = "NETWORK"
+	// CVSS20AccessVectorAdjacentNetwork is a constant for "ADJACENT_NETWORK".
+	CVSS20AccessVectorAdjacentNetwork CVSS20AccessVector = "ADJACENT_NETWORK"
+	// CVSS20AccessVectorLocal is a constant for "LOCAL".
+	CVSS20AccessVectorLocal CVSS20AccessVector = "LOCAL"
+)
+
+var cvss20AccessVectorPattern = alternativesUnmarshal(
+	string(CVSS20AccessVectorNetwork),
+	string(CVSS20AccessVectorAdjacentNetwork),
+	string(CVSS20AccessVectorLocal),
+)
+
+// UnmarshalText implements the [encoding.TextUnmarshaler] interface.
+func (e *CVSS20AccessVector) UnmarshalText(data []byte) error {
+	s, err := cvss20AccessVectorPattern(data)
+	if err == nil {
+		*e = CVSS20AccessVector(s)
+	}
+	return err
+}
+
+// CVSS20Authentication represents the authenticationType in CVSS20.
+type CVSS20Authentication string
+
+const (
+	// CVSS20AuthenticationMultiple is a constant for "MULTIPLE".
+	CVSS20AuthenticationMultiple CVSS20Authentication = "MULTIPLE"
+	// CVSS20AuthenticationSingle is a constant for "SINGLE".
+	CVSS20AuthenticationSingle CVSS20Authentication = "SINGLE"
+	// CVSS20AuthenticationNone is a constant for "NONE".
+	CVSS20AuthenticationNone CVSS20Authentication = "NONE"
+)
+
+var cvss20AuthenticationPattern = alternativesUnmarshal(
+	string(CVSS20AuthenticationMultiple),
+	string(CVSS20AuthenticationSingle),
+	string(CVSS20AuthenticationNone),
+)
+
+// UnmarshalText implements the [encoding.TextUnmarshaler] interface.
+func (e *CVSS20Authentication) UnmarshalText(data []byte) error {
+	s, err := cvss20AuthenticationPattern(data)
+	if err == nil {
+		*e = CVSS20Authentication(s)
+	}
+	return err
+}
+
+// CVSS20CiaRequirement represents the ciaRequirementType in CVSS20.
+type CVSS20CiaRequirement string
+
+const (
+	// CVSS20CiaRequirementLow is a constant for "LOW".
+	CVSS20CiaRequirementLow CVSS20CiaRequirement = "LOW"
+	// CVSS20CiaRequirementMedium is a constant for "MEDIUM".
+	CVSS20CiaRequirementMedium CVSS20CiaRequirement = "MEDIUM"
+	// CVSS20CiaRequirementHigh is a constant for "HIGH".
+	CVSS20CiaRequirementHigh CVSS20CiaRequirement = "HIGH"
+	// CVSS20CiaRequirementNotDefined is a constant for "NOT_DEFINED".
+	CVSS20CiaRequirementNotDefined CVSS20CiaRequirement = "NOT_DEFINED"
+)
+
+var cvss20CiaRequirementPattern = alternativesUnmarshal(
+	string(CVSS20CiaRequirementLow),
+	string(CVSS20CiaRequirementMedium),
+	string(CVSS20CiaRequirementHigh),
+	string(CVSS20CiaRequirementNotDefined),
+)
+
+// UnmarshalText implements the [encoding.TextUnmarshaler] interface.
+func (e *CVSS20CiaRequirement) UnmarshalText(data []byte) error {
+	s, err := cvss20CiaRequirementPattern(data)
+	if err == nil {
+		*e = CVSS20CiaRequirement(s)
+	}
+	return err
+}
+
+// CVSS20Cia represents the ciaType in CVSS20.
+type CVSS20Cia string
+
+const (
+	// CVSS20CiaNone is a constant for "NONE".
+	CVSS20CiaNone CVSS20Cia = "NONE"
+	// CVSS20CiaPartial is a constant for "PARTIAL".
+	CVSS20CiaPartial CVSS20Cia = "PARTIAL"
+	// CVSS20CiaComplete is a constant for "COMPLETE".
+	CVSS20CiaComplete CVSS20Cia = "COMPLETE"
+)
+
+var cvss20CiaPattern = alternativesUnmarshal(
+	string(CVSS20CiaNone),
+	string(CVSS20CiaPartial),
+	string(CVSS20CiaComplete),
+)
+
+// UnmarshalText implements the [encoding.TextUnmarshaler] interface.
+func (e *CVSS20Cia) UnmarshalText(data []byte) error {
+	s, err := cvss20CiaPattern(data)
+	if err == nil {
+		*e = CVSS20Cia(s)
+	}
+	return err
+}
+
+// CVSS20CollateralDamagePotential represents the collateralDamagePotentialType in CVSS20.
+type CVSS20CollateralDamagePotential string
+
+const (
+	// CVSS20CollateralDamagePotentialNone is a constant for "NONE".
+	CVSS20CollateralDamagePotentialNone CVSS20CollateralDamagePotential = "NONE"
+	// CVSS20CollateralDamagePotentialLow is a constant for "LOW".
+	CVSS20CollateralDamagePotentialLow CVSS20CollateralDamagePotential = "LOW"
+	// CVSS20CollateralDamagePotentialLowMedium is a constant for "LOW_MEDIUM".
+	CVSS20CollateralDamagePotentialLowMedium CVSS20CollateralDamagePotential = "LOW_MEDIUM"
+	// CVSS20CollateralDamagePotentialMediumHigh is a constant for "MEDIUM_HIGH".
+	CVSS20CollateralDamagePotentialMediumHigh CVSS20CollateralDamagePotential = "MEDIUM_HIGH"
+	// CVSS20CollateralDamagePotentialHigh is a constant for "HIGH".
+	CVSS20CollateralDamagePotentialHigh CVSS20CollateralDamagePotential = "HIGH"
+	// CVSS20CollateralDamagePotentialNotDefined is a constant for "NOT_DEFINED".
+	CVSS20CollateralDamagePotentialNotDefined CVSS20CollateralDamagePotential = "NOT_DEFINED"
+)
+
+var cvss20CollateralDamagePotentialPattern = alternativesUnmarshal(
+	string(CVSS20CollateralDamagePotentialNone),
+	string(CVSS20CollateralDamagePotentialLow),
+	string(CVSS20CollateralDamagePotentialLowMedium),
+	string(CVSS20CollateralDamagePotentialMediumHigh),
+	string(CVSS20CollateralDamagePotentialHigh),
+	string(CVSS20CollateralDamagePotentialNotDefined),
+)
+
+// UnmarshalText implements the [encoding.TextUnmarshaler] interface.
+func (e *CVSS20CollateralDamagePotential) UnmarshalText(data []byte) error {
+	s, err := cvss20CollateralDamagePotentialPattern(data)
+	if err == nil {
+		*e = CVSS20CollateralDamagePotential(s)
+	}
+	return err
+}
+
+// CVSS20Exploitability represents the exploitabilityType in CVSS20.
+type CVSS20Exploitability string
+
+const (
+	// CVSS20ExploitabilityUnproven is a constant for "UNPROVEN".
+	CVSS20ExploitabilityUnproven CVSS20Exploitability = "UNPROVEN"
+	// CVSS20ExploitabilityProofOfConcept is a constant for "PROOF_OF_CONCEPT".
+	CVSS20ExploitabilityProofOfConcept CVSS20Exploitability = "PROOF_OF_CONCEPT"
+	// CVSS20ExploitabilityFunctional is a constant for "FUNCTIONAL".
+	CVSS20ExploitabilityFunctional CVSS20Exploitability = "FUNCTIONAL"
+	// CVSS20ExploitabilityHigh is a constant for "HIGH".
+	CVSS20ExploitabilityHigh CVSS20Exploitability = "HIGH"
+	// CVSS20ExploitabilityNotDefined is a constant for "NOT_DEFINED".
+	CVSS20ExploitabilityNotDefined CVSS20Exploitability = "NOT_DEFINED"
+)
+
+var cvss20ExploitabilityPattern = alternativesUnmarshal(
+	string(CVSS20ExploitabilityUnproven),
+	string(CVSS20ExploitabilityProofOfConcept),
+	string(CVSS20ExploitabilityFunctional),
+	string(CVSS20ExploitabilityHigh),
+	string(CVSS20ExploitabilityNotDefined),
+)
+
+// UnmarshalText implements the [encoding.TextUnmarshaler] interface.
+func (e *CVSS20Exploitability) UnmarshalText(data []byte) error {
+	s, err := cvss20ExploitabilityPattern(data)
+	if err == nil {
+		*e = CVSS20Exploitability(s)
+	}
+	return err
+}
+
+// CVSS20RemediationLevel represents the remediationLevelType in CVSS20.
+type CVSS20RemediationLevel string
+
+const (
+	// CVSS20RemediationLevelOfficialFix is a constant for "OFFICIAL_FIX".
+	CVSS20RemediationLevelOfficialFix CVSS20RemediationLevel = "OFFICIAL_FIX"
+	// CVSS20RemediationLevelTemporaryFix is a constant for "TEMPORARY_FIX".
+	CVSS20RemediationLevelTemporaryFix CVSS20RemediationLevel = "TEMPORARY_FIX"
+	// CVSS20RemediationLevelWorkaround is a constant for "WORKAROUND".
+	CVSS20RemediationLevelWorkaround CVSS20RemediationLevel = "WORKAROUND"
+	// CVSS20RemediationLevelUnavailable is a constant for "UNAVAILABLE".
+	CVSS20RemediationLevelUnavailable CVSS20RemediationLevel = "UNAVAILABLE"
+	// CVSS20RemediationLevelNotDefined is a constant for "NOT_DEFINED".
+	CVSS20RemediationLevelNotDefined CVSS20RemediationLevel = "NOT_DEFINED"
+)
+
+var cvss20RemediationLevelPattern = alternativesUnmarshal(
+	string(CVSS20RemediationLevelOfficialFix),
+	string(CVSS20RemediationLevelTemporaryFix),
+	string(CVSS20RemediationLevelWorkaround),
+	string(CVSS20RemediationLevelUnavailable),
+	string(CVSS20RemediationLevelNotDefined),
+)
+
+// UnmarshalText implements the [encoding.TextUnmarshaler] interface.
+func (e *CVSS20RemediationLevel) UnmarshalText(data []byte) error {
+	s, err := cvss20RemediationLevelPattern(data)
+	if err == nil {
+		*e = CVSS20RemediationLevel(s)
+	}
+	return err
+}
+
+// CVSS20ReportConfidence represents the reportConfidenceType in CVSS20.
+type CVSS20ReportConfidence string
+
+const (
+	// CVSS20ReportConfidenceUnconfirmed is a constant for "UNCONFIRMED".
+	CVSS20ReportConfidenceUnconfirmed CVSS20ReportConfidence = "UNCONFIRMED"
+	// CVSS20ReportConfidenceUncorroborated is a constant for "UNCORROBORATED".
+	CVSS20ReportConfidenceUncorroborated CVSS20ReportConfidence = "UNCORROBORATED"
+	// CVSS20ReportConfidenceConfirmed is a constant for "CONFIRMED".
+	CVSS20ReportConfidenceConfirmed CVSS20ReportConfidence = "CONFIRMED"
+	// CVSS20ReportConfidenceNotDefined is a constant for "NOT_DEFINED".
+	CVSS20ReportConfidenceNotDefined CVSS20ReportConfidence = "NOT_DEFINED"
+)
+
+var cvss20ReportConfidencePattern = alternativesUnmarshal(
+	string(CVSS20ReportConfidenceUnconfirmed),
+	string(CVSS20ReportConfidenceUncorroborated),
+	string(CVSS20ReportConfidenceConfirmed),
+	string(CVSS20ReportConfidenceNotDefined),
+)
+
+// UnmarshalText implements the [encoding.TextUnmarshaler] interface.
+func (e *CVSS20ReportConfidence) UnmarshalText(data []byte) error {
+	s, err := cvss20ReportConfidencePattern(data)
+	if err == nil {
+		*e = CVSS20ReportConfidence(s)
+	}
+	return err
+}
+
+// CVSS20TargetDistribution represents the targetDistributionType in CVSS20.
+type CVSS20TargetDistribution string
+
+const (
+	// CVSS20TargetDistributionNone is a constant for "NONE".
+	CVSS20TargetDistributionNone CVSS20TargetDistribution = "NONE"
+	// CVSS20TargetDistributionLow is a constant for "LOW".
+	CVSS20TargetDistributionLow CVSS20TargetDistribution = "LOW"
+	// CVSS20TargetDistributionMedium is a constant for "MEDIUM".
+	CVSS20TargetDistributionMedium CVSS20TargetDistribution = "MEDIUM"
+	// CVSS20TargetDistributionHigh is a constant for "HIGH".
+	CVSS20TargetDistributionHigh CVSS20TargetDistribution = "HIGH"
+	// CVSS20TargetDistributionNotDefined is a constant for "NOT_DEFINED".
+	CVSS20TargetDistributionNotDefined CVSS20TargetDistribution = "NOT_DEFINED"
+)
+
+var cvss20TargetDistributionPattern = alternativesUnmarshal(
+	string(CVSS20TargetDistributionNone),
+	string(CVSS20TargetDistributionLow),
+	string(CVSS20TargetDistributionMedium),
+	string(CVSS20TargetDistributionHigh),
+	string(CVSS20TargetDistributionNotDefined),
+)
+
+// UnmarshalText implements the [encoding.TextUnmarshaler] interface.
+func (e *CVSS20TargetDistribution) UnmarshalText(data []byte) error {
+	s, err := cvss20TargetDistributionPattern(data)
+	if err == nil {
+		*e = CVSS20TargetDistribution(s)
+	}
+	return err
+}

csaf/cvss3enums.go

@@ -0,0 +1,500 @@
+// This file is Free Software under the MIT License
+// without warranty, see README.md and LICENSES/MIT.txt for details.
+//
+// SPDX-License-Identifier: MIT
+//
+// SPDX-FileCopyrightText: 2023 German Federal Office for Information Security (BSI) <https://www.bsi.bund.de>
+// Software-Engineering: 2023 Intevation GmbH <https://intevation.de>
+//
+// THIS FILE IS MACHINE GENERATED. EDIT WITH CARE!
+
+package csaf
+
+// CVSS3AttackComplexity represents the attackComplexityType in CVSS3.
+type CVSS3AttackComplexity string
+
+const (
+	// CVSS3AttackComplexityHigh is a constant for "HIGH".
+	CVSS3AttackComplexityHigh CVSS3AttackComplexity = "HIGH"
+	// CVSS3AttackComplexityLow is a constant for "LOW".
+	CVSS3AttackComplexityLow CVSS3AttackComplexity = "LOW"
+)
+
+var cvss3AttackComplexityPattern = alternativesUnmarshal(
+	string(CVSS3AttackComplexityHigh),
+	string(CVSS3AttackComplexityLow),
+)
+
+// UnmarshalText implements the [encoding.TextUnmarshaler] interface.
+func (e *CVSS3AttackComplexity) UnmarshalText(data []byte) error {
+	s, err := cvss3AttackComplexityPattern(data)
+	if err == nil {
+		*e = CVSS3AttackComplexity(s)
+	}
+	return err
+}
+
+// CVSS3AttackVector represents the attackVectorType in CVSS3.
+type CVSS3AttackVector string
+
+const (
+	// CVSS3AttackVectorNetwork is a constant for "NETWORK".
+	CVSS3AttackVectorNetwork CVSS3AttackVector = "NETWORK"
+	// CVSS3AttackVectorAdjacentNetwork is a constant for "ADJACENT_NETWORK".
+	CVSS3AttackVectorAdjacentNetwork CVSS3AttackVector = "ADJACENT_NETWORK"
+	// CVSS3AttackVectorLocal is a constant for "LOCAL".
+	CVSS3AttackVectorLocal CVSS3AttackVector = "LOCAL"
+	// CVSS3AttackVectorPhysical is a constant for "PHYSICAL".
+	CVSS3AttackVectorPhysical CVSS3AttackVector = "PHYSICAL"
+)
+
+var cvss3AttackVectorPattern = alternativesUnmarshal(
+	string(CVSS3AttackVectorNetwork),
+	string(CVSS3AttackVectorAdjacentNetwork),
+	string(CVSS3AttackVectorLocal),
+	string(CVSS3AttackVectorPhysical),
+)
+
+// UnmarshalText implements the [encoding.TextUnmarshaler] interface.
+func (e *CVSS3AttackVector) UnmarshalText(data []byte) error {
+	s, err := cvss3AttackVectorPattern(data)
+	if err == nil {
+		*e = CVSS3AttackVector(s)
+	}
+	return err
+}
+
+// CVSS3CiaRequirement represents the ciaRequirementType in CVSS3.
+type CVSS3CiaRequirement string
+
+const (
+	// CVSS3CiaRequirementLow is a constant for "LOW".
+	CVSS3CiaRequirementLow CVSS3CiaRequirement = "LOW"
+	// CVSS3CiaRequirementMedium is a constant for "MEDIUM".
+	CVSS3CiaRequirementMedium CVSS3CiaRequirement = "MEDIUM"
+	// CVSS3CiaRequirementHigh is a constant for "HIGH".
+	CVSS3CiaRequirementHigh CVSS3CiaRequirement = "HIGH"
+	// CVSS3CiaRequirementNotDefined is a constant for "NOT_DEFINED".
+	CVSS3CiaRequirementNotDefined CVSS3CiaRequirement = "NOT_DEFINED"
+)
+
+var cvss3CiaRequirementPattern = alternativesUnmarshal(
+	string(CVSS3CiaRequirementLow),
+	string(CVSS3CiaRequirementMedium),
+	string(CVSS3CiaRequirementHigh),
+	string(CVSS3CiaRequirementNotDefined),
+)
+
+// UnmarshalText implements the [encoding.TextUnmarshaler] interface.
+func (e *CVSS3CiaRequirement) UnmarshalText(data []byte) error {
+	s, err := cvss3CiaRequirementPattern(data)
+	if err == nil {
+		*e = CVSS3CiaRequirement(s)
+	}
+	return err
+}
+
+// CVSS3Cia represents the ciaType in CVSS3.
+type CVSS3Cia string
+
+const (
+	// CVSS3CiaNone is a constant for "NONE".
+	CVSS3CiaNone CVSS3Cia = "NONE"
+	// CVSS3CiaLow is a constant for "LOW".
+	CVSS3CiaLow CVSS3Cia = "LOW"
+	// CVSS3CiaHigh is a constant for "HIGH".
+	CVSS3CiaHigh CVSS3Cia = "HIGH"
+)
+
+var cvss3CiaPattern = alternativesUnmarshal(
+	string(CVSS3CiaNone),
+	string(CVSS3CiaLow),
+	string(CVSS3CiaHigh),
+)
+
+// UnmarshalText implements the [encoding.TextUnmarshaler] interface.
+func (e *CVSS3Cia) UnmarshalText(data []byte) error {
+	s, err := cvss3CiaPattern(data)
+	if err == nil {
+		*e = CVSS3Cia(s)
+	}
+	return err
+}
+
+// CVSS3Confidence represents the confidenceType in CVSS3.
+type CVSS3Confidence string
+
+const (
+	// CVSS3ConfidenceUnknown is a constant for "UNKNOWN".
+	CVSS3ConfidenceUnknown CVSS3Confidence = "UNKNOWN"
+	// CVSS3ConfidenceReasonable is a constant for "REASONABLE".
+	CVSS3ConfidenceReasonable CVSS3Confidence = "REASONABLE"
+	// CVSS3ConfidenceConfirmed is a constant for "CONFIRMED".
+	CVSS3ConfidenceConfirmed CVSS3Confidence = "CONFIRMED"
+	// CVSS3ConfidenceNotDefined is a constant for "NOT_DEFINED".
+	CVSS3ConfidenceNotDefined CVSS3Confidence = "NOT_DEFINED"
+)
+
+var cvss3ConfidencePattern = alternativesUnmarshal(
+	string(CVSS3ConfidenceUnknown),
+	string(CVSS3ConfidenceReasonable),
+	string(CVSS3ConfidenceConfirmed),
+	string(CVSS3ConfidenceNotDefined),
+)
+
+// UnmarshalText implements the [encoding.TextUnmarshaler] interface.
+func (e *CVSS3Confidence) UnmarshalText(data []byte) error {
+	s, err := cvss3ConfidencePattern(data)
+	if err == nil {
+		*e = CVSS3Confidence(s)
+	}
+	return err
+}
+
+// CVSS3ExploitCodeMaturity represents the exploitCodeMaturityType in CVSS3.
+type CVSS3ExploitCodeMaturity string
+
+const (
+	// CVSS3ExploitCodeMaturityUnproven is a constant for "UNPROVEN".
+	CVSS3ExploitCodeMaturityUnproven CVSS3ExploitCodeMaturity = "UNPROVEN"
+	// CVSS3ExploitCodeMaturityProofOfConcept is a constant for "PROOF_OF_CONCEPT".
+	CVSS3ExploitCodeMaturityProofOfConcept CVSS3ExploitCodeMaturity = "PROOF_OF_CONCEPT"
+	// CVSS3ExploitCodeMaturityFunctional is a constant for "FUNCTIONAL".
+	CVSS3ExploitCodeMaturityFunctional CVSS3ExploitCodeMaturity = "FUNCTIONAL"
+	// CVSS3ExploitCodeMaturityHigh is a constant for "HIGH".
+	CVSS3ExploitCodeMaturityHigh CVSS3ExploitCodeMaturity = "HIGH"
+	// CVSS3ExploitCodeMaturityNotDefined is a constant for "NOT_DEFINED".
+	CVSS3ExploitCodeMaturityNotDefined CVSS3ExploitCodeMaturity = "NOT_DEFINED"
+)
+
+var cvss3ExploitCodeMaturityPattern = alternativesUnmarshal(
+	string(CVSS3ExploitCodeMaturityUnproven),
+	string(CVSS3ExploitCodeMaturityProofOfConcept),
+	string(CVSS3ExploitCodeMaturityFunctional),
+	string(CVSS3ExploitCodeMaturityHigh),
+	string(CVSS3ExploitCodeMaturityNotDefined),
+)
+
+// UnmarshalText implements the [encoding.TextUnmarshaler] interface.
+func (e *CVSS3ExploitCodeMaturity) UnmarshalText(data []byte) error {
+	s, err := cvss3ExploitCodeMaturityPattern(data)
+	if err == nil {
+		*e = CVSS3ExploitCodeMaturity(s)
+	}
+	return err
+}
+
+// CVSS3ModifiedAttackComplexity represents the modifiedAttackComplexityType in CVSS3.
+type CVSS3ModifiedAttackComplexity string
+
+const (
+	// CVSS3ModifiedAttackComplexityHigh is a constant for "HIGH".
+	CVSS3ModifiedAttackComplexityHigh CVSS3ModifiedAttackComplexity = "HIGH"
+	// CVSS3ModifiedAttackComplexityLow is a constant for "LOW".
+	CVSS3ModifiedAttackComplexityLow CVSS3ModifiedAttackComplexity = "LOW"
+	// CVSS3ModifiedAttackComplexityNotDefined is a constant for "NOT_DEFINED".
+	CVSS3ModifiedAttackComplexityNotDefined CVSS3ModifiedAttackComplexity = "NOT_DEFINED"
+)
+
+var cvss3ModifiedAttackComplexityPattern = alternativesUnmarshal(
+	string(CVSS3ModifiedAttackComplexityHigh),
+	string(CVSS3ModifiedAttackComplexityLow),
+	string(CVSS3ModifiedAttackComplexityNotDefined),
+)
+
+// UnmarshalText implements the [encoding.TextUnmarshaler] interface.
+func (e *CVSS3ModifiedAttackComplexity) UnmarshalText(data []byte) error {
+	s, err := cvss3ModifiedAttackComplexityPattern(data)
+	if err == nil {
+		*e = CVSS3ModifiedAttackComplexity(s)
+	}
+	return err
+}
+
+// CVSS3ModifiedAttackVector represents the modifiedAttackVectorType in CVSS3.
+type CVSS3ModifiedAttackVector string
+
+const (
+	// CVSS3ModifiedAttackVectorNetwork is a constant for "NETWORK".
+	CVSS3ModifiedAttackVectorNetwork CVSS3ModifiedAttackVector = "NETWORK"
+	// CVSS3ModifiedAttackVectorAdjacentNetwork is a constant for "ADJACENT_NETWORK".
+	CVSS3ModifiedAttackVectorAdjacentNetwork CVSS3ModifiedAttackVector = "ADJACENT_NETWORK"
+	// CVSS3ModifiedAttackVectorLocal is a constant for "LOCAL".
+	CVSS3ModifiedAttackVectorLocal CVSS3ModifiedAttackVector = "LOCAL"
+	// CVSS3ModifiedAttackVectorPhysical is a constant for "PHYSICAL".
+	CVSS3ModifiedAttackVectorPhysical CVSS3ModifiedAttackVector = "PHYSICAL"
+	// CVSS3ModifiedAttackVectorNotDefined is a constant for "NOT_DEFINED".
+	CVSS3ModifiedAttackVectorNotDefined CVSS3ModifiedAttackVector = "NOT_DEFINED"
+)
+
+var cvss3ModifiedAttackVectorPattern = alternativesUnmarshal(
+	string(CVSS3ModifiedAttackVectorNetwork),
+	string(CVSS3ModifiedAttackVectorAdjacentNetwork),
+	string(CVSS3ModifiedAttackVectorLocal),
+	string(CVSS3ModifiedAttackVectorPhysical),
+	string(CVSS3ModifiedAttackVectorNotDefined),
+)
+
+// UnmarshalText implements the [encoding.TextUnmarshaler] interface.
+func (e *CVSS3ModifiedAttackVector) UnmarshalText(data []byte) error {
+	s, err := cvss3ModifiedAttackVectorPattern(data)
+	if err == nil {
+		*e = CVSS3ModifiedAttackVector(s)
+	}
+	return err
+}
+
+// CVSS3ModifiedCia represents the modifiedCiaType in CVSS3.
+type CVSS3ModifiedCia string
+
+const (
+	// CVSS3ModifiedCiaNone is a constant for "NONE".
+	CVSS3ModifiedCiaNone CVSS3ModifiedCia = "NONE"
+	// CVSS3ModifiedCiaLow is a constant for "LOW".
+	CVSS3ModifiedCiaLow CVSS3ModifiedCia = "LOW"
+	// CVSS3ModifiedCiaHigh is a constant for "HIGH".
+	CVSS3ModifiedCiaHigh CVSS3ModifiedCia = "HIGH"
+	// CVSS3ModifiedCiaNotDefined is a constant for "NOT_DEFINED".
+	CVSS3ModifiedCiaNotDefined CVSS3ModifiedCia = "NOT_DEFINED"
+)
+
+var cvss3ModifiedCiaPattern = alternativesUnmarshal(
+	string(CVSS3ModifiedCiaNone),
+	string(CVSS3ModifiedCiaLow),
+	string(CVSS3ModifiedCiaHigh),
+	string(CVSS3ModifiedCiaNotDefined),
+)
+
+// UnmarshalText implements the [encoding.TextUnmarshaler] interface.
+func (e *CVSS3ModifiedCia) UnmarshalText(data []byte) error {
+	s, err := cvss3ModifiedCiaPattern(data)
+	if err == nil {
+		*e = CVSS3ModifiedCia(s)
+	}
+	return err
+}
+
+// CVSS3ModifiedPrivilegesRequired represents the modifiedPrivilegesRequiredType in CVSS3.
+type CVSS3ModifiedPrivilegesRequired string
+
+const (
+	// CVSS3ModifiedPrivilegesRequiredHigh is a constant for "HIGH".
+	CVSS3ModifiedPrivilegesRequiredHigh CVSS3ModifiedPrivilegesRequired = "HIGH"
+	// CVSS3ModifiedPrivilegesRequiredLow is a constant for "LOW".
+	CVSS3ModifiedPrivilegesRequiredLow CVSS3ModifiedPrivilegesRequired = "LOW"
+	// CVSS3ModifiedPrivilegesRequiredNone is a constant for "NONE".
+	CVSS3ModifiedPrivilegesRequiredNone CVSS3ModifiedPrivilegesRequired = "NONE"
+	// CVSS3ModifiedPrivilegesRequiredNotDefined is a constant for "NOT_DEFINED".
+	CVSS3ModifiedPrivilegesRequiredNotDefined CVSS3ModifiedPrivilegesRequired = "NOT_DEFINED"
+)
+
+var cvss3ModifiedPrivilegesRequiredPattern = alternativesUnmarshal(
+	string(CVSS3ModifiedPrivilegesRequiredHigh),
+	string(CVSS3ModifiedPrivilegesRequiredLow),
+	string(CVSS3ModifiedPrivilegesRequiredNone),
+	string(CVSS3ModifiedPrivilegesRequiredNotDefined),
+)
+
+// UnmarshalText implements the [encoding.TextUnmarshaler] interface.
+func (e *CVSS3ModifiedPrivilegesRequired) UnmarshalText(data []byte) error {
+	s, err := cvss3ModifiedPrivilegesRequiredPattern(data)
+	if err == nil {
+		*e = CVSS3ModifiedPrivilegesRequired(s)
+	}
+	return err
+}
+
+// CVSS3ModifiedScope represents the modifiedScopeType in CVSS3.
+type CVSS3ModifiedScope string
+
+const (
+	// CVSS3ModifiedScopeUnchanged is a constant for "UNCHANGED".
+	CVSS3ModifiedScopeUnchanged CVSS3ModifiedScope = "UNCHANGED"
+	// CVSS3ModifiedScopeChanged is a constant for "CHANGED".
+	CVSS3ModifiedScopeChanged CVSS3ModifiedScope = "CHANGED"
+	// CVSS3ModifiedScopeNotDefined is a constant for "NOT_DEFINED".
+	CVSS3ModifiedScopeNotDefined CVSS3ModifiedScope = "NOT_DEFINED"
+)
+
+var cvss3ModifiedScopePattern = alternativesUnmarshal(
+	string(CVSS3ModifiedScopeUnchanged),
+	string(CVSS3ModifiedScopeChanged),
+	string(CVSS3ModifiedScopeNotDefined),
+)
+
+// UnmarshalText implements the [encoding.TextUnmarshaler] interface.
+func (e *CVSS3ModifiedScope) UnmarshalText(data []byte) error {
+	s, err := cvss3ModifiedScopePattern(data)
+	if err == nil {
+		*e = CVSS3ModifiedScope(s)
+	}
+	return err
+}
+
+// CVSS3ModifiedUserInteraction represents the modifiedUserInteractionType in CVSS3.
+type CVSS3ModifiedUserInteraction string
+
+const (
+	// CVSS3ModifiedUserInteractionNone is a constant for "NONE".
+	CVSS3ModifiedUserInteractionNone CVSS3ModifiedUserInteraction = "NONE"
+	// CVSS3ModifiedUserInteractionRequired is a constant for "REQUIRED".
+	CVSS3ModifiedUserInteractionRequired CVSS3ModifiedUserInteraction = "REQUIRED"
+	// CVSS3ModifiedUserInteractionNotDefined is a constant for "NOT_DEFINED".
+	CVSS3ModifiedUserInteractionNotDefined CVSS3ModifiedUserInteraction = "NOT_DEFINED"
+)
+
+var cvss3ModifiedUserInteractionPattern = alternativesUnmarshal(
+	string(CVSS3ModifiedUserInteractionNone),
+	string(CVSS3ModifiedUserInteractionRequired),
+	string(CVSS3ModifiedUserInteractionNotDefined),
+)
+
+// UnmarshalText implements the [encoding.TextUnmarshaler] interface.
+func (e *CVSS3ModifiedUserInteraction) UnmarshalText(data []byte) error {
+	s, err := cvss3ModifiedUserInteractionPattern(data)
+	if err == nil {
+		*e = CVSS3ModifiedUserInteraction(s)
+	}
+	return err
+}
+
+// CVSS3PrivilegesRequired represents the privilegesRequiredType in CVSS3.
+type CVSS3PrivilegesRequired string
+
+const (
+	// CVSS3PrivilegesRequiredHigh is a constant for "HIGH".
+	CVSS3PrivilegesRequiredHigh CVSS3PrivilegesRequired = "HIGH"
+	// CVSS3PrivilegesRequiredLow is a constant for "LOW".
+	CVSS3PrivilegesRequiredLow CVSS3PrivilegesRequired = "LOW"
+	// CVSS3PrivilegesRequiredNone is a constant for "NONE".
+	CVSS3PrivilegesRequiredNone CVSS3PrivilegesRequired = "NONE"
+)
+
+var cvss3PrivilegesRequiredPattern = alternativesUnmarshal(
+	string(CVSS3PrivilegesRequiredHigh),
+	string(CVSS3PrivilegesRequiredLow),
+	string(CVSS3PrivilegesRequiredNone),
+)
+
+// UnmarshalText implements the [encoding.TextUnmarshaler] interface.
+func (e *CVSS3PrivilegesRequired) UnmarshalText(data []byte) error {
+	s, err := cvss3PrivilegesRequiredPattern(data)
+	if err == nil {
+		*e = CVSS3PrivilegesRequired(s)
+	}
+	return err
+}
+
+// CVSS3RemediationLevel represents the remediationLevelType in CVSS3.
+type CVSS3RemediationLevel string
+
+const (
+	// CVSS3RemediationLevelOfficialFix is a constant for "OFFICIAL_FIX".
+	CVSS3RemediationLevelOfficialFix CVSS3RemediationLevel = "OFFICIAL_FIX"
+	// CVSS3RemediationLevelTemporaryFix is a constant for "TEMPORARY_FIX".
+	CVSS3RemediationLevelTemporaryFix CVSS3RemediationLevel = "TEMPORARY_FIX"
+	// CVSS3RemediationLevelWorkaround is a constant for "WORKAROUND".
+	CVSS3RemediationLevelWorkaround CVSS3RemediationLevel = "WORKAROUND"
+	// CVSS3RemediationLevelUnavailable is a constant for "UNAVAILABLE".
+	CVSS3RemediationLevelUnavailable CVSS3RemediationLevel = "UNAVAILABLE"
+	// CVSS3RemediationLevelNotDefined is a constant for "NOT_DEFINED".
+	CVSS3RemediationLevelNotDefined CVSS3RemediationLevel = "NOT_DEFINED"
+)
+
+var cvss3RemediationLevelPattern = alternativesUnmarshal(
+	string(CVSS3RemediationLevelOfficialFix),
+	string(CVSS3RemediationLevelTemporaryFix),
+	string(CVSS3RemediationLevelWorkaround),
+	string(CVSS3RemediationLevelUnavailable),
+	string(CVSS3RemediationLevelNotDefined),
+)
+
+// UnmarshalText implements the [encoding.TextUnmarshaler] interface.
+func (e *CVSS3RemediationLevel) UnmarshalText(data []byte) error {
+	s, err := cvss3RemediationLevelPattern(data)
+	if err == nil {
+		*e = CVSS3RemediationLevel(s)
+	}
+	return err
+}
+
+// CVSS3Scope represents the scopeType in CVSS3.
+type CVSS3Scope string
+
+const (
+	// CVSS3ScopeUnchanged is a constant for "UNCHANGED".
+	CVSS3ScopeUnchanged CVSS3Scope = "UNCHANGED"
+	// CVSS3ScopeChanged is a constant for "CHANGED".
+	CVSS3ScopeChanged CVSS3Scope = "CHANGED"
+)
+
+var cvss3ScopePattern = alternativesUnmarshal(
+	string(CVSS3ScopeUnchanged),
+	string(CVSS3ScopeChanged),
+)
+
+// UnmarshalText implements the [encoding.TextUnmarshaler] interface.
+func (e *CVSS3Scope) UnmarshalText(data []byte) error {
+	s, err := cvss3ScopePattern(data)
+	if err == nil {
+		*e = CVSS3Scope(s)
+	}
+	return err
+}
+
+// CVSS3Severity represents the severityType in CVSS3.
+type CVSS3Severity string
+
+const (
+	// CVSS3SeverityNone is a constant for "NONE".
+	CVSS3SeverityNone CVSS3Severity = "NONE"
+	// CVSS3SeverityLow is a constant for "LOW".
+	CVSS3SeverityLow CVSS3Severity = "LOW"
+	// CVSS3SeverityMedium is a constant for "MEDIUM".
+	CVSS3SeverityMedium CVSS3Severity = "MEDIUM"
+	// CVSS3SeverityHigh is a constant for "HIGH".
+	CVSS3SeverityHigh CVSS3Severity = "HIGH"
+	// CVSS3SeverityCritical is a constant for "CRITICAL".
+	CVSS3SeverityCritical CVSS3Severity = "CRITICAL"
+)
+
+var cvss3SeverityPattern = alternativesUnmarshal(
+	string(CVSS3SeverityNone),
+	string(CVSS3SeverityLow),
+	string(CVSS3SeverityMedium),
+	string(CVSS3SeverityHigh),
+	string(CVSS3SeverityCritical),
+)
+
+// UnmarshalText implements the [encoding.TextUnmarshaler] interface.
+func (e *CVSS3Severity) UnmarshalText(data []byte) error {
+	s, err := cvss3SeverityPattern(data)
+	if err == nil {
+		*e = CVSS3Severity(s)
+	}
+	return err
+}
+
+// CVSS3UserInteraction represents the userInteractionType in CVSS3.
+type CVSS3UserInteraction string
+
+const (
+	// CVSS3UserInteractionNone is a constant for "NONE".
+	CVSS3UserInteractionNone CVSS3UserInteraction = "NONE"
+	// CVSS3UserInteractionRequired is a constant for "REQUIRED".
+	CVSS3UserInteractionRequired CVSS3UserInteraction = "REQUIRED"
+)
+
+var cvss3UserInteractionPattern = alternativesUnmarshal(
+	string(CVSS3UserInteractionNone),
+	string(CVSS3UserInteractionRequired),
+)
+
+// UnmarshalText implements the [encoding.TextUnmarshaler] interface.
+func (e *CVSS3UserInteraction) UnmarshalText(data []byte) error {
+	s, err := cvss3UserInteractionPattern(data)
+	if err == nil {
+		*e = CVSS3UserInteraction(s)
+	}
+	return err
+}

csaf/doc.go

@@ -8,3 +8,8 @@
 
 // Package csaf contains the core data models used by the csaf distribution.
 package csaf
+
+//go:generate go run ./generate_cvss_enums.go -o cvss20enums.go -i ./schema/cvss-v2.0.json -p CVSS20
+// Generating only enums for CVSS 3.0 and not for 3.1 since the enums of both of them
+// are identical.
+//go:generate go run ./generate_cvss_enums.go -o cvss3enums.go -i ./schema/cvss-v3.0.json -p CVSS3

csaf/generate_cvss_enums.go

@@ -0,0 +1,152 @@
+//go:build ignore
+
+// This file is Free Software under the MIT License
+// without warranty, see README.md and LICENSES/MIT.txt for details.
+//
+// SPDX-License-Identifier: MIT
+//
+// SPDX-FileCopyrightText: 2023 German Federal Office for Information Security (BSI) <https://www.bsi.bund.de>
+// Software-Engineering: 2023 Intevation GmbH <https://intevation.de>
+
+package main
+
+import (
+	"bytes"
+	"encoding/json"
+	"flag"
+	"go/format"
+	"log"
+	"os"
+	"slices"
+	"strings"
+	"text/template"
+)
+
+const tmplText = `// This file is Free Software under the MIT License
+// without warranty, see README.md and LICENSES/MIT.txt for details.
+//
+// SPDX-License-Identifier: MIT
+//
+// SPDX-FileCopyrightText: 2023 German Federal Office for Information Security (BSI) <https://www.bsi.bund.de>
+// Software-Engineering: 2023 Intevation GmbH <https://intevation.de>
+//
+// THIS FILE IS MACHINE GENERATED. EDIT WITH CARE!
+
+package csaf
+
+{{ range $key := .Keys }}
+{{ $def := index $.Definitions $key }}
+// {{ $type := printf "%s%s" $.Prefix (typename $key) }}{{ $type }} represents the {{ $key }} in {{ $.Prefix }}.
+type {{ $type }} string
+const (
+	{{ range $enum := $def.Enum -}}
+	// {{ $type}}{{ symbol $enum }} is a constant for "{{ $enum }}".
+	{{ $type }}{{ symbol $enum }} {{ $type }} = "{{ $enum }}"
+	{{ end }}
+)
+var {{ tolower $.Prefix }}{{ typename $key }}Pattern = alternativesUnmarshal(
+	{{ range $enum := $def.Enum -}}
+	string({{ $type }}{{ symbol $enum }}),
+	{{ end }}
+)
+
+// UnmarshalText implements the [encoding.TextUnmarshaler] interface.
+func (e *{{ $type }}) UnmarshalText(data []byte) error {
+	s, err := {{ tolower $.Prefix }}{{ typename $key }}Pattern(data)
+	if err == nil {
+		*e = {{ $type }}(s)
+	}
+	return err
+}
+{{ end }}
+`
+
+var tmpl = template.Must(template.New("enums").Funcs(funcs).Parse(tmplText))
+
+type definition struct {
+	Type string   `json:"type"`
+	Enum []string `json:"enum"`
+}
+
+type schema struct {
+	Definitions map[string]*definition `json:"definitions"`
+}
+
+var funcs = template.FuncMap{
+	"tolower": strings.ToLower,
+	"symbol": func(s string) string {
+		s = strings.ToLower(s)
+		s = strings.ReplaceAll(s, "_", " ")
+		s = strings.Title(s)
+		s = strings.ReplaceAll(s, " ", "")
+		return s
+	},
+	"typename": func(s string) string {
+		if strings.HasSuffix(s, "Type") {
+			s = s[:len(s)-len("Type")]
+		}
+		s = strings.Title(s)
+		return s
+	},
+}
+
+func loadSchema(filename string) (*schema, error) {
+	f, err := os.Open(filename)
+	if err != nil {
+		return nil, err
+	}
+	defer f.Close()
+	var s schema
+	if err := json.NewDecoder(f).Decode(&s); err != nil {
+		return nil, err
+	}
+	return &s, nil
+}
+
+func check(err error) {
+	if err != nil {
+		log.Fatalf("error: %v\n", err)
+	}
+}
+
+func main() {
+	var (
+		input  = flag.String("i", "input", "")
+		output = flag.String("o", "output", "")
+		prefix = flag.String("p", "prefix", "")
+	)
+	flag.Parse()
+	if *input == "" {
+		log.Fatalln("missing schema")
+	}
+	if *output == "" {
+		log.Fatalln("missing output")
+	}
+	if *prefix == "" {
+		log.Fatalln("missing prefix")
+	}
+
+	s, err := loadSchema(*input)
+	check(err)
+
+	defs := make([]string, 0, len(s.Definitions))
+	for k, v := range s.Definitions {
+		if v.Type == "string" && len(v.Enum) > 0 {
+			defs = append(defs, k)
+		}
+	}
+	slices.Sort(defs)
+
+	var source bytes.Buffer
+
+	check(tmpl.Execute(&source, map[string]any{
+		"Prefix":      *prefix,
+		"Definitions": s.Definitions,
+		"Keys":        defs,
+	}))
+
+	formatted, err := format.Source(source.Bytes())
+	check(err)
+
+	check(os.WriteFile(*output, formatted, 0644))
+}

csaf/schema/cvss-v3.0.json

@@ -108,7 +108,7 @@
         },
         "vectorString": {
             "type": "string",
-            "pattern": "^CVSS:3[.]0/((AV:[NALP]|AC:[LH]|PR:[UNLH]|UI:[NR]|S:[UC]|[CIA]:[NLH]|E:[XUPFH]|RL:[XOTWU]|RC:[XURC]|[CIA]R:[XLMH]|MAV:[XNALP]|MAC:[XLH]|MPR:[XUNLH]|MUI:[XNR]|MS:[XUC]|M[CIA]:[XNLH])/)*(AV:[NALP]|AC:[LH]|PR:[UNLH]|UI:[NR]|S:[UC]|[CIA]:[NLH]|E:[XUPFH]|RL:[XOTWU]|RC:[XURC]|[CIA]R:[XLMH]|MAV:[XNALP]|MAC:[XLH]|MPR:[XUNLH]|MUI:[XNR]|MS:[XUC]|M[CIA]:[XNLH])$"
+            "pattern": "^CVSS:3[.]0/((AV:[NALP]|AC:[LH]|PR:[NLH]|UI:[NR]|S:[UC]|[CIA]:[NLH]|E:[XUPFH]|RL:[XOTWU]|RC:[XURC]|[CIA]R:[XLMH]|MAV:[XNALP]|MAC:[XLH]|MPR:[XNLH]|MUI:[XNR]|MS:[XUC]|M[CIA]:[XNLH])/)*(AV:[NALP]|AC:[LH]|PR:[NLH]|UI:[NR]|S:[UC]|[CIA]:[NLH]|E:[XUPFH]|RL:[XOTWU]|RC:[XURC]|[CIA]R:[XLMH]|MAV:[XNALP]|MAC:[XLH]|MPR:[XNLH]|MUI:[XNR]|MS:[XUC]|M[CIA]:[XNLH])$"
         },
         "attackVector":                   { "$ref": "#/definitions/attackVectorType" },
         "attackComplexity":               { "$ref": "#/definitions/attackComplexityType" },

docs/csaf_searcher.md

@@ -0,0 +1,16 @@
+# csaf_advisory_example
+
+This is a small searcher using the advisory model to search for PURLs belonging to a product ID in an advisory of the CSAF 2.0 standard.
+
+Usage:
+```
+
+csaf_advisory_example OPTIONS [files...]
+
+Application Options:
+-p                                         The Product ID
+
+Help Options:
+-h, --help                                 Show a help message
+
+```