From 463720c3fff0692dde0a8f3d69eb8d282e09332b Mon Sep 17 00:00:00 2001
From: Lucas Tesson <lucastesson@protonmail.com>
Date: Fri, 1 Dec 2023 00:03:00 +0100
Subject: [PATCH] Add support of CVSS v4.0 (#213)

This PR comes to unlock #166 which seems stuck.

## What does it bring ?

Basic support of CVSS v4.0, I'll open another issue about #178 about
validating the CVSS vectors soon, as the FIRST.ORG SIG CVSS provide
official CVSS validation regex we could use for schema validation.

The string representation (aka vector) example comes from the CVSS v4.0
Specification Document Section 7.

Signed-off-by: Lucas TESSON <lucastesson@protonmail.com>
---
 docs/schema.md         | 1 +
 validation/schema.json | 3 ++-
 2 files changed, 3 insertions(+), 1 deletion(-)

diff --git a/docs/schema.md b/docs/schema.md
index 75a0c5ae..47a6f151 100644
--- a/docs/schema.md
+++ b/docs/schema.md
@@ -498,6 +498,7 @@ describes the quantitative method used to calculate the associated `score`.
 | --------- | ----------- |
 | `CVSS_V2` | A CVSS vector string representing the unique characteristics and severity of the vulnerability using a version of the [Common Vulnerability Scoring System notation](https://www.first.org/cvss/v2/) that is == 2.0 (e.g.`"AV:L/AC:M/Au:N/C:N/I:P/A:C"`).|
 | `CVSS_V3` | A CVSS vector string representing the unique characteristics and severity of the vulnerability using a version of the [Common Vulnerability Scoring System notation](https://www.first.org/cvss/) that is >= 3.0 and < 4.0 (e.g.`"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N"`).|
+| `CVSS_V4` | A CVSS vector string representing the unique characterictics and severity of the vulnerability using a version on the [Common Vulnerability Scoring System notation](https://www.first.org/cvss/) that is >= 4.0 and < 5.0 (e.g. `"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"`). |
 | Your quantitative severity type here. | [Send us a PR](https://github.com/ossf/osv-schema/compare). |
 
 ### severity[].score field
diff --git a/validation/schema.json b/validation/schema.json
index 0f79679a..6c2bc0d6 100644
--- a/validation/schema.json
+++ b/validation/schema.json
@@ -289,7 +289,8 @@
             "type": "string",
             "enum": [
               "CVSS_V2",
-              "CVSS_V3"
+              "CVSS_V3",
+              "CVSS_V4"
             ]
           },
           "score": {