github.com/gemaraproj/gemara@v0.23.0

vectorcatalog.cue raw

 1// Schema lifecycle: experimental | stable | deprecated
 2@status("experimental")
 3package gemara
 4
 5@go(gemara)
 6
// A VectorCatalog is a structured collection of documented vectors,
// serving as a centralized reference for known attack methods and exploitation pathways that may be relevant to a particular domain, framework, or security model.
#VectorCatalog: {
	// Embeds the shared #Catalog definition, which is declared outside this listing.
	#Catalog
	// Fixes the metadata type to the literal "VectorCatalog" for this catalog kind.
	metadata: type: "VectorCatalog"

	// vectors is a list of attack vectors documented in this catalog.
	// The field is optional; when present, the list must hold at least one #Vector.
	vectors?: [#Vector, ...#Vector] @go(Vectors)

	// The constraints below apply only when vectors is set.
	if vectors != _|_ {
		// Maps each vector id to its list index. Two vectors sharing an id would
		// assign two different index values to the same field, which cannot unify,
		// so duplicate ids are rejected at validation time.
		_uniqueVectorIds: {for i, v in vectors {(v.id): i}}
		// A catalog that lists vectors must also declare at least one group.
		// NOTE(review): nothing visible here checks that each vector's group value
		// matches the id of an entry in groups; confirm whether that referential
		// check is enforced elsewhere, since a dangling reference would otherwise validate.
		groups: [#Group, ...#Group]
	}
}
22
// A Vector represents a method, pathway, or technique through which a threat may be realized or an attack may be carried out.
#Vector: {
	// id allows this vector to be referenced by other elements.
	// NOTE(review): typed as a plain string, so the empty string is accepted by
	// this definition; confirm whether a non-empty or pattern constraint is intended.
	id: string

	// title describes the vector
	title: string

	// description explains how the attack vector works
	description: string

	// group references by id a catalog group that this vector belongs to.
	// The value is an unconstrained string in this definition; it is not tied
	// to any particular group entry here.
	group: string @go(Group)

	// applicability specifies the contexts in which this vector can manifest.
	// The field is optional; when present, the list must hold at least one string.
	applicability?: [string, ...string] @go(Applicability)
}