{
  "$schema": "http://json-schema.org/draft-07/schema#",
  "$id": "https://github.com/api-evangelist/wallarm/blob/main/json-schema/wallarm-vulnerability-schema.json",
  "title": "Wallarm Vulnerability",
  "description": "Schema for a vulnerability detected by Wallarm active security testing.",
  "type": "object",
  "properties": {
    "id": {
      "type": "integer",
      "description": "Unique vulnerability identifier"
    },
    "type": {
      "type": "string",
      "description": "Vulnerability type",
      "enum": ["sqli", "xss", "rce", "lfi", "ptrav", "crlf", "redir", "nosqli", "xxe", "ssrf"]
    },
    "status": {
      "type": "string",
      "description": "Current vulnerability status",
      "enum": ["active", "fixed", "false_positive"]
    },
    "severity": {
      "type": "string",
      "description": "Vulnerability severity rating",
      "enum": ["critical", "high", "medium", "low"]
    },
    "domain": {
      "type": "string",
      "description": "Affected domain"
    },
    "path": {
      "type": "string",
      "description": "Affected URL path"
    },
    "method": {
      "type": "string",
      "description": "HTTP method",
      "enum": ["GET", "POST", "PUT", "PATCH", "DELETE", "HEAD", "OPTIONS"]
    },
    "parameter": {
      "type": "string",
      "description": "Vulnerable parameter name"
    },
    "description": {
      "type": "string",
      "description": "Human-readable vulnerability description"
    },
    "discovered": {
      "type": "integer",
      "description": "Unix timestamp when vulnerability was first discovered"
    },
    "fixed_at": {
      "type": ["integer", "null"],
      "description": "Unix timestamp when vulnerability was marked as fixed"
    }
  },
  "required": ["id", "type", "status", "severity"]
}