JSON values: float vs int #319

Open
jayjacobs opened this issue May 25, 2024 · 2 comments
Labels
bug Something isn't working

Comments

@jayjacobs
Collaborator

I am not convinced this is something we should fix in the JSON schema, or even if we want to be bothered with it.

But strongly typed languages interpret "1" and "1.0" differently and can cause errors when combining values across CVE records with different types. This is heavily debated in the JSON Schema definition: json-schema/json-schema#27

There are several fields in CVE records, specifically in the CVSS (metrics) section, that have different data types when parsing in Python, but I am not sure if this is something we need to tackle at the data storage/validation step.

  • containers.cna.metrics.cvssV2_0.baseScore : [{"float": 2215}, {"int": 1111}]
  • containers.cna.metrics.cvssV3_0.baseScore : [{"float": 14945}, {"int": 802}]
  • containers.cna.metrics.cvssV3_1.baseScore : [{"float": 41590}, {"int": 2224}]
  • containers.cna.metrics.cvssV4_0.baseScore : [{"float": 236}, {"int": 4}]
  • containers.cna.metrics.cvssV3_0.temporalScore : [{"float": 2272}, {"int": 42}]
  • containers.cna.metrics.cvssV3_1.temporalScore : [{"float": 1077}, {"int": 52}]
  • containers.cna.metrics.other.content.baseScore : [{"float": 30}, {"int": 6}]
  • containers.cna.metrics.other.content.version : [{"str": 3}, {"float": 25}] << this is different

@jayjacobs
Collaborator Author

Some clarification to add: the JSON specification does not differentiate between float and int data types; it allows strings, numbers and literals (null, true, false). So all but the last one listed above are valid JSON across the records.

So this is more of a formatting request that numbers in the fields above be formatted with a ".0" appended if they are integers. But I don't feel very strongly about this change; it would help the JSON parsing in languages like Python, though.

Also, the containers.cna.metrics.other.content.version is a separate issue, not sure what the schema says about that field, but it is represented as both a number and string across different JSON records.

@trolldbois

possibly a related problem (float vs decimal):

That can be solved by using json.load(x, parse_float=decimal.Decimal)

@jayjacobs jayjacobs added the bug Something isn't working label Oct 18, 2024
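
One way to reproduce the per-path type tallies from the first comment and to normalize integer scores after parsing, as an added example that is not part of the original thread or the project's code. The sample records, `SCORE_KEYS`, and all function names are constructed for illustration.

```python
import json
from collections import Counter, defaultdict

# Constructed sample records (not real CVE data), shaped like the paths in the issue.
SAMPLES = [
    '{"containers": {"cna": {"metrics": [{"cvssV3_1": {"baseScore": 7.5, "version": "3.1"}}]}}}',
    '{"containers": {"cna": {"metrics": [{"cvssV3_1": {"baseScore": 9, "version": "3.1"}}]}}}',
    '{"containers": {"cna": {"metrics": [{"other": {"content": {"baseScore": 5, "version": 3.0}}}]}}}',
    '{"containers": {"cna": {"metrics": [{"other": {"content": {"baseScore": 6.1, "version": "3"}}}]}}}',
]
SCORE_KEYS = {"baseScore", "temporalScore"}  # assumption: the fields to normalize

def walk(node, path=""):
    """Yield (dotted_path, parent, key, value) per scalar; list indexes are dropped."""
    if isinstance(node, list):
        for item in node:
            yield from walk(item, path)
    elif isinstance(node, dict):
        for key, value in node.items():
            child = f"{path}.{key}" if path else key
            if isinstance(value, (dict, list)):
                yield from walk(value, child)
            else:
                yield child, node, key, value

def type_census(records):
    """Count the Python types seen at each path, like the tallies in the issue."""
    census = defaultdict(Counter)
    for record in records:
        for path, _, _, value in walk(record):
            census[path][type(value).__name__] += 1
    return census

def mixed_paths(records):
    return {p: dict(c) for p, c in type_census(records).items() if len(c) > 1}

def normalize_scores(record):
    """Coerce integer scores to float in place; return the paths that changed."""
    changed = []
    for path, parent, key, value in list(walk(record)):
        # bool is a subclass of int in Python, so it is excluded explicitly.
        if key in SCORE_KEYS and isinstance(value, int) and not isinstance(value, bool):
            parent[key] = float(value)
            changed.append(path)
    return changed

if __name__ == "__main__":
    records = [json.loads(s) for s in SAMPLES]
    print("before:", mixed_paths(records))
    print("changed:", [normalize_scores(r) for r in records], "after:", mixed_paths(records))
```

Only the score fields are coerced; the `version` field that mixes strings and numbers is reported by `mixed_paths` but left untouched, since the thread treats it as a separate issue.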