diff --git a/Gemfile b/Gemfile
index fc49da05db..e3b0ec8553 100644
--- a/Gemfile
+++ b/Gemfile
@@ -2,6 +2,7 @@ source 'https://rubygems.org'
 gem 'faraday'
 gem 'rake'
+gem 'kwalify'
 gem 'rspec'
 group :development do
diff --git a/Gemfile.lock b/Gemfile.lock
index 59c1078109..ab9a2dbdf8 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -5,6 +5,7 @@ GEM
 diff-lcs (1.3)
 faraday (0.15.4)
 multipart-post (>= 1.2, < 3)
+ kwalify (0.7.2)
 method_source (0.9.0)
 mini_portile2 (2.4.0)
 multipart-post (2.1.1)
@@ -33,6 +34,7 @@ PLATFORMS
 DEPENDENCIES
 faraday
+ kwalify
 nokogiri
 pry
 rake
diff --git a/spec/gem_example.rb b/spec/gem_example.rb
index 0cd3468e18..de6f681d67 100644
--- a/spec/gem_example.rb
+++ b/spec/gem_example.rb
@@ -33,5 +33,12 @@
 end
 end
 end
+
+ it "should have valid schema" do
+ schema = YAML.load_file(File.join(File.dirname(__FILE__), 'schemas/gem.yml'))
+ validator = Kwalify::Validator.new(schema)
+ errors = validator.validate(advisory)
+ expect(errors).to be_empty
+ end
 end
 end
diff --git a/spec/ruby_example.rb b/spec/ruby_example.rb
index 375fab3fe4..f33c0d20b6 100644
--- a/spec/ruby_example.rb
+++ b/spec/ruby_example.rb
@@ -3,7 +3,7 @@ shared_examples_for "Rubies Advisory" do |path|
 include_examples 'Advisory', path
-
+
 advisory = YAML.load_file(path)
 describe path do
@@ -17,6 +17,13 @@
 expect(subject.downcase).to eq(engine.downcase)
 end
 end
+
+ it "should have valid schema" do
+ schema = YAML.load_file(File.join(File.dirname(__FILE__), 'schemas/ruby.yml'))
+ validator = Kwalify::Validator.new(schema)
+ errors = validator.validate(advisory)
+ expect(errors).to be_empty
+ end
 end
 end
diff --git a/spec/schemas/gem.yml b/spec/schemas/gem.yml
new file mode 100644
index 0000000000..bb78183b41
--- /dev/null
+++ b/spec/schemas/gem.yml
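Review bot: In spec/gem_example.rb the new example parses the schema with `YAML.load_file` inside the `it` block, so the file is re-read and a validator rebuilt for every advisory, and on Psych releases before 4.0 that call goes through the unrestricted loader, which can instantiate tagged Ruby objects. The schema holds only maps, sequences and scalars, so it can be loaded once outside the example with the restricted loader: `schema = YAML.safe_load(File.read(File.join(__dir__, 'schemas/gem.yml')))`. The second hunk of spec/ruby_example.rb repeats the same lines for `schemas/ruby.yml`. `advisory` and the enclosing block are defined outside this hunk, so how the advisory itself is loaded cannot be checked from here.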
@@ -0,0 +1,64 @@
+type: map
+mapping:
+ "gem":
+ type: str
+ required: yes
+ "library":
+ type: str
+ "framework":
+ type: str
+ "platform":
+ type: str
+ "cve":
+ type: str
+ pattern: /\d+-\d+/
+ "osvdb":
+ type: int
+ "ghsa":
+ type: str
+ "url":
+ type: str
+ required: true
+ pattern: /https?:\/\//
+ "title":
+ type: str
+ required: true
+ "date":
+ type: date
+ required: true
+ "description":
+ type: str
+ required: true
+ "cvss_v2":
+ type: float
+ "cvss_v3":
+ type: float
+ "unaffected_versions":
+ type: seq
+ sequence:
+ - type: str
+ "patched_versions":
+ type: seq
+ sequence:
+ - type: str
+ "vendor_patch":
+ type: seq
+ sequence:
+ - type: str
+ pattern: /https?:\/\//
+ "related":
+ type: map
+ mapping:
+ "cve":
+ type: seq
+ sequence:
+ - type: str
+ "osvdb":
+ type: seq
+ sequence:
+ - type: int
+ "url":
+ type: seq
+ sequence:
+ - type: str
+ pattern: /https?:\/\//
diff --git a/spec/schemas/ruby.yml b/spec/schemas/ruby.yml
new file mode 100644
index 0000000000..bf4992c956
--- /dev/null
+++ b/spec/schemas/ruby.yml
@@ -0,0 +1,36 @@
+type: map
+mapping:
+ "engine":
+ type: str
+ required: yes
+ enum: [jruby, rbx, ruby]
+ "cve":
+ type: str
+ pattern: /\d+-\d+/
+ "osvdb":
+ type: int
+ "url":
+ type: str
+ required: true
+ pattern: /https?:\/\//
+ "title":
+ type: str
+ required: true
+ "date":
+ type: date
+ required: true
+ "description":
+ type: str
+ required: true
+ "cvss_v2":
+ type: float
+ "cvss_v3":
+ type: float
+ "unaffected_versions":
+ type: seq
+ sequence:
+ - type: str
+ "patched_versions":
+ type: seq
+ sequence:
+ - type: str
diff --git a/spec/spec_helper.rb b/spec/spec_helper.rb
index 977945438e..ebd8bfaf6b 100644
--- a/spec/spec_helper.rb
+++ b/spec/spec_helper.rb
@@ -1 +1,2 @@
+require 'kwalify'
 require 'rspec'
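Review bot: The `pattern:` rules in spec/schemas/gem.yml are unanchored, so a value passes as soon as it contains a match anywhere: `/https?:\/\//` accepts a `url` with arbitrary text before `http://`, and `/\d+-\d+/` accepts a `cve` with arbitrary text around the digits. If downstream consumers render or link these fields, the schema should pin the start (and for `cve` the end) of the string, e.g. `pattern: /\Ahttps?:\/\//` and `pattern: /\A\d+-\d+\z/`. The same unanchored patterns appear under `url`, `vendor_patch` and `related.url` here and under `cve` and `url` in spec/schemas/ruby.yml, and `related.cve` carries no pattern at all.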
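Review bot: In spec/schemas/ruby.yml the `enum: [jruby, rbx, ruby]` rule on `engine` is an exact, case-sensitive match, whereas the existing example in spec/ruby_example.rb compares `subject.downcase` with `engine.downcase`. If that older check tolerates a capitalised engine name (what `subject` holds is not visible in the hunk), such an advisory would pass it and fail the schema, and a new engine will fail until the list is extended. I would record the intent with a comment above the rule, `# engine names are lowercase and matched case-sensitively; add new engines here`.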