Validate advisories through schemas

Author: fatkodima

Gemfile

@@ -2,6 +2,7 @@ source 'https://rubygems.org'
 
 gem 'faraday'
 gem 'rake'
+gem 'kwalify'
 gem 'rspec'
 
 group :development do

Gemfile.lock

@@ -5,6 +5,7 @@ GEM
     diff-lcs (1.3)
     faraday (0.15.4)
       multipart-post (>= 1.2, < 3)
+    kwalify (0.7.2)
     method_source (0.9.0)
     mini_portile2 (2.4.0)
     multipart-post (2.1.1)
@@ -33,6 +34,7 @@ PLATFORMS
 
 DEPENDENCIES
   faraday
+  kwalify
   nokogiri
   pry
   rake

spec/gem_example.rb

@@ -5,6 +5,8 @@
   include_examples 'Advisory', path
 
   advisory = YAML.load_file(path)
+  schema = YAML.load_file(File.join(File.dirname(__FILE__), 'schemas/gem.yml'))
+  validator = Kwalify::Validator.new(schema)
 
   describe path do
     let(:gem) { File.basename(File.dirname(path)) }
@@ -33,5 +35,10 @@
         end
       end
     end
+
+    it "should have valid schema" do
+      errors = validator.validate(advisory)
+      expect(errors).to be_empty
+    end
   end
 end

spec/ruby_example.rb

@@ -3,8 +3,10 @@
 
 shared_examples_for "Rubies Advisory" do |path|
   include_examples 'Advisory', path
-  
+
   advisory = YAML.load_file(path)
+  schema = YAML.load_file(File.join(File.dirname(__FILE__), 'schemas/ruby.yml'))
+  validator = Kwalify::Validator.new(schema)
 
   describe path do
     let(:engine) { File.basename(File.dirname(path)) }
@@ -17,6 +19,11 @@
         expect(subject.downcase).to eq(engine.downcase)
       end
     end
+
+    it "should have valid schema" do
+      errors = validator.validate(advisory)
+      expect(errors).to be_empty
+    end
   end
 end
 

spec/schemas/gem.yml

@@ -0,0 +1,64 @@
+type: map
+mapping:
+  "gem":
+    type: str
+    required: yes
+  "library":
+    type: str
+  "framework":
+    type: str
+  "platform":
+    type: str
+  "cve":
+    type: str
+    pattern: /\d+-\d+/
+  "osvdb":
+    type: int
+  "ghsa":
+    type: str
+  "url":
+    type: str
+    required: true
+    pattern: /https?:\/\//
+  "title":
+    type: str
+    required: true
+  "date":
+    type: date
+    required: true
+  "description":
+    type: str
+    required: true
+  "cvss_v2":
+    type: float
+  "cvss_v3":
+    type: float
+  "unaffected_versions":
+    type: seq
+    sequence:
+      - type: str
+  "patched_versions":
+    type: seq
+    sequence:
+      - type: str
+  "vendor_patch":
+    type: seq
+    sequence:
+      - type: str
+        pattern: /https?:\/\//
+  "related":
+    type: map
+    mapping:
+      "cve":
+        type: seq
+        sequence:
+          - type: str
+      "osvdb":
+        type: seq
+        sequence:
+          - type: int
+      "url":
+        type: seq
+        sequence:
+        - type: str
+          pattern: /https?:\/\//

spec/schemas/ruby.yml

@@ -0,0 +1,36 @@
+type: map
+mapping:
+  "engine":
+    type: str
+    required: yes
+    enum: [jruby, rbx, ruby]
+  "cve":
+    type: str
+    pattern: /\d+-\d+/
+  "osvdb":
+    type: int
+  "url":
+    type: str
+    required: true
+    pattern: /https?:\/\//
+  "title":
+    type: str
+    required: true
+  "date":
+    type: date
+    required: true
+  "description":
+    type: str
+    required: true
+  "cvss_v2":
+    type: float
+  "cvss_v3":
+    type: float
+  "unaffected_versions":
+    type: seq
+    sequence:
+      - type: str
+  "patched_versions":
+    type: seq
+    sequence:
+      - type: str

spec/spec_helper.rb

@@ -1 +1,2 @@
+require 'kwalify'
 require 'rspec'