Justification provides the justification when the state of the assessment if NOT_AFFECTED.
| JSON representation |
|---|
{
"justificationType": enum ( |
| Fields | |
|---|---|
justificationType |
The justification type for this vulnerability. |
details |
Additional details on why this justification was chosen. |
JustificationType
Provides the type of justification.
| Enums | |
|---|---|
JUSTIFICATION_TYPE_UNSPECIFIED |
JUSTIFICATION_TYPE_UNSPECIFIED. |
COMPONENT_NOT_PRESENT |
The vulnerable component is not present in the product. |
VULNERABLE_CODE_NOT_PRESENT |
The vulnerable code is not present. Typically this case occurs when source code is configured or built in a way that excludes the vulnerable code. |
VULNERABLE_CODE_NOT_IN_EXECUTE_PATH |
The vulnerable code can not be executed. Typically this case occurs when the product includes the vulnerable code but does not call or use the vulnerable code. |
VULNERABLE_CODE_CANNOT_BE_CONTROLLED_BY_ADVERSARY |
The vulnerable code cannot be controlled by an attacker to exploit the vulnerability. |
INLINE_MITIGATIONS_ALREADY_EXIST |
The product includes built-in protections or features that prevent exploitation of the vulnerability. These built-in protections cannot be subverted by the attacker and cannot be configured or disabled by the user. These mitigations completely prevent exploitation based on known attack vectors. |