Validate advisories through schemas

rubysec · Oct 22, 2019 · 57a1de7 · 57a1de7
1 parent ec04dbd
commit 57a1de7
Show file tree

Hide file tree

Showing 7 changed files with 119 additions and 1 deletion.
diff --git a/Gemfile b/Gemfile
@@ -2,6 +2,7 @@ source 'https://rubygems.org'
 
 gem 'faraday'
 gem 'rake'
+gem 'kwalify'
 gem 'rspec'
 
 group :development do

diff --git a/Gemfile.lock b/Gemfile.lock
@@ -5,6 +5,7 @@ GEM
     diff-lcs (1.3)
     faraday (0.15.4)
       multipart-post (>= 1.2, < 3)
+    kwalify (0.7.2)
     method_source (0.9.0)
     mini_portile2 (2.4.0)
     multipart-post (2.1.1)
@@ -33,6 +34,7 @@ PLATFORMS
 
 DEPENDENCIES
   faraday
+  kwalify
   nokogiri
   pry
   rake

diff --git a/spec/gem_example.rb b/spec/gem_example.rb
@@ -5,6 +5,8 @@
   include_examples 'Advisory', path
 
   advisory = YAML.load_file(path)
+  schema = YAML.load_file(File.join(File.dirname(__FILE__), 'schemas/gem.yml'))
+  validator = Kwalify::Validator.new(schema)
 
   describe path do
     let(:gem) { File.basename(File.dirname(path)) }
@@ -33,5 +35,10 @@
         end
       end
     end
+
+    it "should have valid schema" do
+      errors = validator.validate(advisory)
+      expect(errors).to be_empty
+    end
   end
 end
diff --git a/spec/ruby_example.rb b/spec/ruby_example.rb
@@ -3,8 +3,10 @@
 
 shared_examples_for "Rubies Advisory" do |path|
   include_examples 'Advisory', path
-  
+
   advisory = YAML.load_file(path)
+  schema = YAML.load_file(File.join(File.dirname(__FILE__), 'schemas/ruby.yml'))
+  validator = Kwalify::Validator.new(schema)
 
   describe path do
     let(:engine) { File.basename(File.dirname(path)) }
@@ -17,6 +19,11 @@
         expect(subject.downcase).to eq(engine.downcase)
       end
     end
+
+    it "should have valid schema" do
+      errors = validator.validate(advisory)
+      expect(errors).to be_empty
+    end
   end
 end
 
diff --git a/spec/schemas/gem.yml b/spec/schemas/gem.yml
@@ -0,0 +1,64 @@
+type: map
+mapping:
+  "gem":
+    type: str
+    required: yes
+  "library":
+    type: str
+  "framework":
+    type: str
+  "platform":
+    type: str
+  "cve":
+    type: str
+    pattern: /\d+-\d+/
+  "osvdb":
+    type: int
+  "ghsa":
+    type: str
+  "url":
+    type: str
+    required: true
+    pattern: /https?:\/\//
+  "title":
+    type: str
+    required: true
+  "date":
+    type: date
+    required: true
+  "description":
+    type: str
+    required: true
+  "cvss_v2":
+    type: float
+  "cvss_v3":
+    type: float
+  "unaffected_versions":
+    type: seq
+    sequence:
+      - type: str
+  "patched_versions":
+    type: seq
+    sequence:
+      - type: str
+  "vendor_patch":
+    type: seq
+    sequence:
+      - type: str
+        pattern: /https?:\/\//
+  "related":
+    type: map
+    mapping:
+      "cve":
+        type: seq
+        sequence:
+          - type: str
+      "osvdb":
+        type: seq
+        sequence:
+          - type: int
+      "url":
+        type: seq
+        sequence:
+        - type: str
+          pattern: /https?:\/\//
diff --git a/spec/schemas/ruby.yml b/spec/schemas/ruby.yml
@@ -0,0 +1,36 @@
+type: map
+mapping:
+  "engine":
+    type: str
+    required: yes
+    enum: [jruby, rbx, ruby]
+  "cve":
+    type: str
+    pattern: /\d+-\d+/
+  "osvdb":
+    type: int
+  "url":
+    type: str
+    required: true
+    pattern: /https?:\/\//
+  "title":
+    type: str
+    required: true
+  "date":
+    type: date
+    required: true
+  "description":
+    type: str
+    required: true
+  "cvss_v2":
+    type: float
+  "cvss_v3":
+    type: float
+  "unaffected_versions":
+    type: seq
+    sequence:
+      - type: str
+  "patched_versions":
+    type: seq
+    sequence:
+      - type: str
diff --git a/spec/spec_helper.rb b/spec/spec_helper.rb
@@ -1 +1,2 @@
+require 'kwalify'
 require 'rspec'