
Commit 57a1de7

committed
Validate advisories through schemas
1 parent ec04dbd commit 57a1de7


7 files changed

+119
-1
lines changed


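--- a/Gemfile
+++ b/Gemfile
@@ -2,6 +2,7 @@ source 'https://rubygems.org'
 
 gem 'faraday'
 gem 'rake'
+gem 'kwalify'
 gem 'rspec'
 
 group :development do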
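Review bot: The new `gem 'kwalify'` carries no version constraint, so the schema validator the specs now depend on is pinned only by Gemfile.lock. The lockfile resolves it to 0.7.2, which appears to be the gem's last release (2010), so a constraint such as `gem 'kwalify', '~> 0.7.2'` would document the expected API and keep a future incompatible release from being picked up on a re-resolve. The other entries in this Gemfile are unconstrained as well, so this is a matter of consistency with the project's choice rather than a defect in this line alone.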

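--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -5,6 +5,7 @@ GEM
 diff-lcs (1.3)
 faraday (0.15.4)
 multipart-post (>= 1.2, < 3)
+kwalify (0.7.2)
 method_source (0.9.0)
 mini_portile2 (2.4.0)
 multipart-post (2.1.1)
@@ -33,6 +34,7 @@ PLATFORMS
 
 DEPENDENCIES
 faraday
+kwalify
 nokogiri
 pry
 rake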

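--- a/spec/gem_example.rb
+++ b/spec/gem_example.rb
@@ -5,6 +5,8 @@
 include_examples 'Advisory', path
 
 advisory = YAML.load_file(path)
+schema = YAML.load_file(File.join(File.dirname(__FILE__), 'schemas/gem.yml'))
+validator = Kwalify::Validator.new(schema)
 
 describe path do
 let(:gem) { File.basename(File.dirname(path)) }
@@ -33,5 +35,10 @@
 end
 end
 end
+
+it "should have valid schema" do
+errors = validator.validate(advisory)
+expect(errors).to be_empty
+end
 end
 end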
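Review bot: When the new `it "should have valid schema"` example (new lines 39–42) fails, `expect(errors).to be_empty` reports only that an array of `Kwalify::ValidationError` objects was not empty, so the reader has to rerun the validator by hand to learn which key or value was rejected. Passing a message as the matcher's second argument keeps that detail in the spec output: `expect(errors).to be_empty, errors.map { |e| "#{e.path}: #{e.message}" }.join("\n")` (ValidationError exposes `path` and `message`). The same four lines are added verbatim to spec/ruby_example.rb (new lines 23–26); both files already `include_examples 'Advisory', path`, so the validation could live in that shared example with the schema file passed in, keeping the two advisory types in step. The schema is also re-read and re-parsed once per advisory path at new line 8, which is harmless at this size but could be a single constant loaded once. The enclosing `shared_examples_for` block starts before this hunk.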

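--- a/spec/ruby_example.rb
+++ b/spec/ruby_example.rb
@@ -3,8 +3,10 @@
 
 shared_examples_for "Rubies Advisory" do |path|
 include_examples 'Advisory', path
-
+
 advisory = YAML.load_file(path)
+schema = YAML.load_file(File.join(File.dirname(__FILE__), 'schemas/ruby.yml'))
+validator = Kwalify::Validator.new(schema)
 
 describe path do
 let(:engine) { File.basename(File.dirname(path)) }
@@ -17,6 +19,11 @@
 expect(subject.downcase).to eq(engine.downcase)
 end
 end
+
+it "should have valid schema" do
+errors = validator.validate(advisory)
+expect(errors).to be_empty
+end
 end
 end
 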
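Review bot: The schema path on new line 8 is built with `File.join(File.dirname(__FILE__), 'schemas/ruby.yml')`; `__dir__` has expressed the same thing since Ruby 2.0 and reads more directly: `schema = YAML.load_file(File.join(__dir__, 'schemas/ruby.yml'))`. spec/gem_example.rb new line 8 uses the same construction. The `shared_examples_for "Rubies Advisory"` block this hunk opens closes in the second hunk, and the validation example it adds has the same opaque-failure issue noted on spec/gem_example.rb.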

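--- a/spec/schemas/gem.yml
+++ b/spec/schemas/gem.yml
@@ -0,0 +1,64 @@
+type: map
+mapping:
+"gem":
+type: str
+required: yes
+"library":
+type: str
+"framework":
+type: str
+"platform":
+type: str
+"cve":
+type: str
+pattern: /\d+-\d+/
+"osvdb":
+type: int
+"ghsa":
+type: str
+"url":
+type: str
+required: true
+pattern: /https?:\/\//
+"title":
+type: str
+required: true
+"date":
+type: date
+required: true
+"description":
+type: str
+required: true
+"cvss_v2":
+type: float
+"cvss_v3":
+type: float
+"unaffected_versions":
+type: seq
+sequence:
+- type: str
+"patched_versions":
+type: seq
+sequence:
+- type: str
+"vendor_patch":
+type: seq
+sequence:
+- type: str
+pattern: /https?:\/\//
+"related":
+type: map
+mapping:
+"cve":
+type: seq
+sequence:
+- type: str
+"osvdb":
+type: seq
+sequence:
+- type: int
+"url":
+type: seq
+sequence:
+- type: str
+pattern: /https?:\/\//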
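Review bot: The `pattern` values on `cve` (line 14), `url` (line 22), `vendor_patch` (line 48) and `related`/`url` (line 64) are unanchored, and Kwalify applies them as a plain regexp match, so any value that merely contains the fragment passes: `"see 1-2"` satisfies `/\d+-\d+/` and a string with `https://` anywhere in the middle satisfies `/https?:\/\//`. Anchor them to the whole value — `pattern: /\Ahttps?:\/\//` for the three URL fields, and for `cve` something like `pattern: /\A\d{4}-\d{4,}\z/` if the advisories record the identifier in the `YYYY-NNNN` form (confirm against the existing files); `^`/`$` would only anchor per line. spec/schemas/ruby.yml has the same unanchored patterns on its `cve` (line 9) and `url` (line 15) entries. `ghsa` (line 18) and `cvss_v2`/`cvss_v3` (lines 33–35) are left unconstrained; a `pattern: /\AGHSA-/` and a `range: { min: 0.0, max: 10.0 }` on the two floats would catch the kind of typo the `cve` pattern is there to catch.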

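--- a/spec/schemas/ruby.yml
+++ b/spec/schemas/ruby.yml
@@ -0,0 +1,36 @@
+type: map
+mapping:
+"engine":
+type: str
+required: yes
+enum: [jruby, rbx, ruby]
+"cve":
+type: str
+pattern: /\d+-\d+/
+"osvdb":
+type: int
+"url":
+type: str
+required: true
+pattern: /https?:\/\//
+"title":
+type: str
+required: true
+"date":
+type: date
+required: true
+"description":
+type: str
+required: true
+"cvss_v2":
+type: float
+"cvss_v3":
+type: float
+"unaffected_versions":
+type: seq
+sequence:
+- type: str
+"patched_versions":
+type: seq
+sequence:
+- type: str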
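Review bot: `required: yes` on line 5 sits beside `required: true` on lines 14, 18, 21 and 24; a YAML 1.1 loader reads `yes` as a boolean so both work, but one spelling per file avoids the question, and `required: true` is the form used everywhere else (spec/schemas/gem.yml line 5 has the same `yes`). The `enum: [jruby, rbx, ruby]` on line 6 is an exact, case-sensitive match, while spec/ruby_example.rb compares `subject.downcase` with `engine.downcase`, which suggests the engine value or directory name is not always lowercase — if that is so, valid advisories would now fail the schema; worth confirming against the existing advisory files. The unanchored `cve` and `url` patterns on lines 9 and 15 are covered in the note on spec/schemas/gem.yml.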

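--- a/spec/spec_helper.rb
+++ b/spec/spec_helper.rb
@@ -1 +1,2 @@
+require 'kwalify'
 require 'rspec'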
