Skip to content

Commit

Permalink
doc: update examples to explain ghc-component and aliases
Browse files Browse the repository at this point in the history
  • Loading branch information
frasertweedale committed Oct 2, 2024
1 parent d5d7caf commit bb291e3
Show file tree
Hide file tree
Showing 2 changed files with 24 additions and 3 deletions.
11 changes: 11 additions & 0 deletions EXAMPLE_ADVISORY.md
Original file line number Diff line number Diff line change
Expand Up @@ -23,8 +23,19 @@ related = ["CVE-2022-YYYY", "CVE-2022-ZZZZ"]

# You can declare multiple affected packages
[[affected]]

# Declare the affected package/component via ONE of the
# following options
#
# OPTION 1: package = hackage-package-name
package = "package-name"
#
# OPTION 2: ghc-component = {ghc,ghci,rts,ghc-pkg,runghc,ghc-iserv,hp2ps,hpc,hsc2hs,haddock}
# ghc-component = "ghci"

# CVSS vector. Accepted versions: 2.0, 3.0, 3.1
cvss = "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"

# arch = ["x86", "x86_64"]
# os = ["mingw32"]
# declarations = { "Acme.Broken.function" = ">= 1.1.0 && < 1.2.0", "Acme.Broken.renamedFunction" = ">= 1.2.0 && < 1.2.0.5"}
Expand Down
16 changes: 13 additions & 3 deletions README.md
Original file line number Diff line number Diff line change
Expand Up @@ -49,8 +49,13 @@ capec = [123]
# particular class of vulnerabilities?"
keywords = ["ssl", "mitm"]

# Vulnerability aliases, e.g. CVE IDs (optional but recommended)
# Request a CVE for your HSec vulns: https://iwantacve.org/
# Vulnerability aliases, e.g. CVE or GHSA IDs. This field is
# optional, but it is strongly recommended to reference any known
# aliases.
#
# A corresponding CVE is not required, but you can request one if
# you want: https://iwantacve.org/
#
#aliases = ["CVE-2018-XXXX"]

# Related vulnerabilities (optional)
Expand All @@ -72,8 +77,13 @@ url = "https://github.com/username/package/pull/139"
# and the `versions` table.
[[affected]]

# Mandatory: name of the affected package on Hackage
# Mandatory package component identifier; ONE of the following:
#
# OPTION 1: name of the affected package on Hackage
package = "acme-broken"
#
# OPTION 2: component of GHC compiler suite
# ghc-component = {ghc,ghci,rts,ghc-pkg,runghc,ghc-iserv,hp2ps,hpc,hsc2hs,haddock}

# Mandatory: a Common Vulnerability Scoring System score. More information
# can be found on the CVSS website, https://www.first.org/cvss/.
Expand Down

0 comments on commit bb291e3

Please sign in to comment.