Validation failed: Expected value to match one of the values specified by the enum CVSSv3.1

[colinkmorgan]

We've incorporated they CycloneDX.Core library into our .net core application and are using it to serialize and de-serialize cyclondx JSON files. During our testing, we attempted to import an example JSON that has vulnerabilities on it and the cyclondx library is not recognizing it as a valid cyclonedx file (the web tool validates it as a valid file).

Upon digging into the logs, and doing further testing we've identified the following:

• The error message is "Validation failed: Expected value to match one of the values specified by the enum CVSSv3.1"
• It seems all of the scoring methods work, except for "CVSSv31" (e.g if you change the method to "CVSSv3" it works as expected")

[mtsfoni]

Could you provide a simplified bom.json as a testcase, and I will try to have a look at it soon.

[colinkmorgan]

Hi Michael, Attached is the example/sample file we’re working from. Thanks, Colin - Colin Morgan, CISSP, CISM, GPEN Managing Director Apraciti, LLC Skype: colinkmorgan ***@***.******@***.***> https://www.apraciti.com<https://www.apraciti.com/> ******************************************************************* Disclaimer: This email and its contents and attachments may contain privileged or confidential information and is intended only for the individual(s) or entity(s) name within the message. If the reader of this message is not the intended recipient, you are hereby notified that any unauthorized disclosure, dissemination, distribution, copying or use of this message and any attachment is strictly prohibited. To do so might constitute a violation of the Electronic Communications Privacy Act. U.S.C. Section 2510-2521. If you have received this message in error, please notify the sender immediately by replying to the message and permanently delete it and destroy any printout thereof. ******************************************************************* From: Michael Tsfoni ***@***.***> Sent: Monday, January 1, 2024 4:49 PM To: CycloneDX/cyclonedx-dotnet-library ***@***.***> Cc: Colin Morgan ***@***.***>; Author ***@***.***> Subject: Re: [CycloneDX/cyclonedx-dotnet-library] Validation failed: Expected value to match one of the values specified by the enum CVSSv3.1 (Issue #279) Caution: This is an external email and may be malicious. Please take care when clicking links or opening attachments. Could you provide a simplified bom.json as a testcase, and I will try to have a look at it soon. — Reply to this email directly, view it on GitHub<#279 (comment)>, or unsubscribe<https://github.com/notifications/unsubscribe-auth/AQHAXA2ZORMPJU37B3YP7K3YMMVLRAVCNFSM6AAAAABAW6QCJWVHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMYTQNZTGQ4TGNBYHE>. You are receiving this because you authored the thread.Message ID: ***@***.******@***.***>>

[dzsibi]

I submitted a PR (#261) back in September to fix this, but it hasn't been merged yet.

[mtsfoni]

#261 has been merged and released