Diffstat (limited to 'app/validators')
-rw-r--r--app/validators/json_schema_validator.rb24
-rw-r--r--app/validators/json_schemas/application_setting_kroki_formats.json1
-rw-r--r--app/validators/json_schemas/build_metadata_secrets.json1
-rw-r--r--app/validators/json_schemas/build_report_result_data.json1
-rw-r--r--app/validators/json_schemas/build_report_result_data_tests.json1
-rw-r--r--app/validators/json_schemas/codeclimate.json1
-rw-r--r--app/validators/json_schemas/daily_build_group_report_result_data.json1
-rw-r--r--app/validators/json_schemas/debian_fields.json1
-rw-r--r--app/validators/json_schemas/git_trailers.json1
-rw-r--r--app/validators/json_schemas/http_integration_payload_attribute_mapping.json1
-rw-r--r--app/validators/json_schemas/security_ci_configuration_schemas/sast_ui_schema.json33
-rw-r--r--app/validators/json_schemas/security_scan_info.json28
-rw-r--r--app/validators/json_schemas/vulnerability_finding_details.json294
13 files changed, 43 insertions, 345 deletions
diff --git a/app/validators/json_schema_validator.rb b/app/validators/json_schema_validator.rb
index fee4a00cec5..8dc6265f471 100644
--- a/app/validators/json_schema_validator.rb
+++ b/app/validators/json_schema_validator.rb
@@ -12,12 +12,14 @@
class JsonSchemaValidator < ActiveModel::EachValidator
FILENAME_ALLOWED = /\A[a-z0-9_-]*\Z/.freeze
FilenameError = Class.new(StandardError)
- JSON_VALIDATOR_MAX_DRAFT_VERSION = 4
+ BASE_DIRECTORY = %w(app validators json_schemas).freeze
def initialize(options)
raise ArgumentError, "Expected 'filename' as an argument" unless options[:filename]
raise FilenameError, "Must be a valid 'filename'" unless options[:filename].match?(FILENAME_ALLOWED)
+ @base_directory = options.delete(:base_directory) || BASE_DIRECTORY
+
super(options)
end
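Review bot: `base_directory` is read from `options` in `initialize` without any check comparable to the `FILENAME_ALLOWED` test applied to `filename`, and the second hunk splats it straight into `Rails.root.join`. `Pathname#join` lets an absolute or `..` segment move the result outside the application root, so the schema path is only confined while every caller passes a literal. A guard right after the assignment would keep that invariant explicit: `raise FilenameError, "Must be a valid 'base_directory'" unless Array(@base_directory).all? { |segment| segment.match?(FILENAME_ALLOWED) }`. Separately, `FILENAME_ALLOWED` ends in `\Z`, which also matches before a trailing newline; `\z` is the strict end-of-string anchor for this kind of validation. The class body continues outside this hunk.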
@@ -29,19 +31,27 @@ class JsonSchemaValidator < ActiveModel::EachValidator
private
+ attr_reader :base_directory
+
def valid_schema?(value)
- if draft_version > JSON_VALIDATOR_MAX_DRAFT_VERSION
- JSONSchemer.schema(Pathname.new(schema_path)).valid?(value)
- else
- JSON::Validator.validate(schema_path, value)
- end
+ validator.valid?(value)
+ end
+
+ def validator
+ @validator ||= JSONSchemer.schema(Pathname.new(schema_path))
end
def schema_path
- Rails.root.join('app', 'validators', 'json_schemas', "#{options[:filename]}.json").to_s
+ @schema_path ||= Rails.root.join(*base_directory, filename_with_extension).to_s
+ end
+
+ def filename_with_extension
+ "#{options[:filename]}.json"
end
def draft_version
options[:draft] || JSON_VALIDATOR_MAX_DRAFT_VERSION
end
end
+
+JsonSchemaValidator.prepend_ee_mod
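Review bot: `draft_version` at the end of this hunk still falls back to `JSON_VALIDATOR_MAX_DRAFT_VERSION`, the constant removed by the first hunk of this file, so a call without a `:draft` option would raise `NameError`. Nothing in the visible new code calls it now that `valid_schema?` delegates to `validator.valid?`, so the method looks dead and could be dropped along with the `:draft` option, assuming no caller outside this diff still uses it. The new `validator` method would also benefit from a short comment such as `# Memoized per validator instance: the schema file is parsed once and is not re-read if it changes on disk.`, since that caching is a behaviour change from the previous per-call validation.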
diff --git a/app/validators/json_schemas/application_setting_kroki_formats.json b/app/validators/json_schemas/application_setting_kroki_formats.json
index 460dc74069f..4dfa710abea 100644
--- a/app/validators/json_schemas/application_setting_kroki_formats.json
+++ b/app/validators/json_schemas/application_setting_kroki_formats.json
@@ -1,4 +1,5 @@
{
+ "$schema": "http://json-schema.org/draft-07/schema#",
"description": "Kroki formats",
"type": "object",
"properties": {
diff --git a/app/validators/json_schemas/build_metadata_secrets.json b/app/validators/json_schemas/build_metadata_secrets.json
index e745a266777..799e7ab1642 100644
--- a/app/validators/json_schemas/build_metadata_secrets.json
+++ b/app/validators/json_schemas/build_metadata_secrets.json
@@ -1,4 +1,5 @@
{
+ "$schema": "http://json-schema.org/draft-07/schema#",
"description": "CI builds metadata secrets",
"type": "object",
"patternProperties": {
diff --git a/app/validators/json_schemas/build_report_result_data.json b/app/validators/json_schemas/build_report_result_data.json
index 0fb4fd6d0b7..0a12c9c39a7 100644
--- a/app/validators/json_schemas/build_report_result_data.json
+++ b/app/validators/json_schemas/build_report_result_data.json
@@ -1,4 +1,5 @@
{
+ "$schema": "http://json-schema.org/draft-07/schema#",
"description": "Build report result data",
"type": "object",
"properties": {
diff --git a/app/validators/json_schemas/build_report_result_data_tests.json b/app/validators/json_schemas/build_report_result_data_tests.json
index b38559e727f..610070fde5f 100644
--- a/app/validators/json_schemas/build_report_result_data_tests.json
+++ b/app/validators/json_schemas/build_report_result_data_tests.json
@@ -1,4 +1,5 @@
{
+ "$schema": "http://json-schema.org/draft-07/schema#",
"description": "Build report result data tests",
"type": "object",
"properties": {
diff --git a/app/validators/json_schemas/codeclimate.json b/app/validators/json_schemas/codeclimate.json
index 56056c62c4e..dc43eab6290 100644
--- a/app/validators/json_schemas/codeclimate.json
+++ b/app/validators/json_schemas/codeclimate.json
@@ -1,4 +1,5 @@
{
+ "$schema": "http://json-schema.org/draft-07/schema#",
"description": "Codequality used by codeclimate parser",
"type": "object",
"required": ["description", "fingerprint", "severity", "location"],
diff --git a/app/validators/json_schemas/daily_build_group_report_result_data.json b/app/validators/json_schemas/daily_build_group_report_result_data.json
index 2524ac63050..2b073506375 100644
--- a/app/validators/json_schemas/daily_build_group_report_result_data.json
+++ b/app/validators/json_schemas/daily_build_group_report_result_data.json
@@ -1,4 +1,5 @@
{
+ "$schema": "http://json-schema.org/draft-07/schema#",
"description": "Daily build group report result data",
"type": "object",
"properties": {
diff --git a/app/validators/json_schemas/debian_fields.json b/app/validators/json_schemas/debian_fields.json
index b9f6ad2b31d..ae1a2726ea2 100644
--- a/app/validators/json_schemas/debian_fields.json
+++ b/app/validators/json_schemas/debian_fields.json
@@ -1,4 +1,5 @@
{
+ "$schema": "http://json-schema.org/draft-07/schema#",
"description": "Debian fields",
"type": "object",
"patternProperties": {
diff --git a/app/validators/json_schemas/git_trailers.json b/app/validators/json_schemas/git_trailers.json
index 18ac97226a7..384eb280765 100644
--- a/app/validators/json_schemas/git_trailers.json
+++ b/app/validators/json_schemas/git_trailers.json
@@ -1,4 +1,5 @@
{
+ "$schema": "http://json-schema.org/draft-07/schema#",
"description": "Git trailer key/value pairs",
"type": "object",
"patternProperties": {
diff --git a/app/validators/json_schemas/http_integration_payload_attribute_mapping.json b/app/validators/json_schemas/http_integration_payload_attribute_mapping.json
index a194daf5e45..7aebc959169 100644
--- a/app/validators/json_schemas/http_integration_payload_attribute_mapping.json
+++ b/app/validators/json_schemas/http_integration_payload_attribute_mapping.json
@@ -1,4 +1,5 @@
{
+ "$schema": "http://json-schema.org/draft-07/schema#",
"type": "object",
"patternProperties": {
".*": {
diff --git a/app/validators/json_schemas/security_ci_configuration_schemas/sast_ui_schema.json b/app/validators/json_schemas/security_ci_configuration_schemas/sast_ui_schema.json
index 08442565931..dc4880946b2 100644
--- a/app/validators/json_schemas/security_ci_configuration_schemas/sast_ui_schema.json
+++ b/app/validators/json_schemas/security_ci_configuration_schemas/sast_ui_schema.json
@@ -1,4 +1,5 @@
{
+ "$schema": "http://json-schema.org/draft-07/schema#",
"global": [
{
"field" : "SECURE_ANALYZERS_PREFIX",
@@ -50,36 +51,36 @@
],
"analyzers": [
{
- "name": "brakeman",
- "label": "Brakeman",
+ "name": "bandit",
+ "label": "Bandit",
"enabled" : true,
- "description": "Ruby on Rails",
+ "description": "Python",
"variables": [
{
- "field" : "SAST_BRAKEMAN_LEVEL",
- "label" : "Brakeman confidence level.",
+ "field" : "SAST_BANDIT_EXCLUDED_PATHS",
+ "label" : "Paths to exclude from scan",
"type": "string",
- "default_value": "1",
+ "default_value": "",
"value": "",
"size": "SMALL",
- "description": "Ignore Brakeman vulnerabilities under given confidence level. Integer, 1=Low, 2=Medium, 3=High."
+ "description": "Comma-separated list of paths to exclude from scan. Uses Python’s 'fnmatch' syntax; For example: '*/tests/*, */venv/*'"
}
]
},
{
- "name": "bandit",
- "label": "Bandit",
+ "name": "brakeman",
+ "label": "Brakeman",
"enabled" : true,
- "description": "Python",
+ "description": "Ruby on Rails",
"variables": [
{
- "field" : "SAST_BANDIT_EXCLUDED_PATHS",
- "label" : "Paths to exclude from scan.",
+ "field" : "SAST_BRAKEMAN_LEVEL",
+ "label" : "Brakeman confidence level",
"type": "string",
- "default_value": "",
+ "default_value": "1",
"value": "",
"size": "SMALL",
- "description": "Comma-separated list of paths to exclude from scan. Uses Python’s 'fnmatch' syntax; For example: '*/tests/*, */venv/*'"
+ "description": "Ignore Brakeman vulnerabilities under given confidence level. Integer, 1=Low, 2=Medium, 3=High."
}
]
},
@@ -109,7 +110,7 @@
},
{
"name": "kubesec",
- "label": "kubesec",
+ "label": "Kubesec",
"enabled" : true,
"description": "Kubernetes manifests, Helm Charts",
"variables": []
@@ -123,7 +124,7 @@
},
{
"name": "gosec",
- "label": "Golang Security Checker",
+ "label": "Gosec",
"enabled" : true,
"description": "Go",
"variables": [
diff --git a/app/validators/json_schemas/security_scan_info.json b/app/validators/json_schemas/security_scan_info.json
deleted file mode 100644
index c8932c1870d..00000000000
--- a/app/validators/json_schemas/security_scan_info.json
+++ /dev/null
@@ -1,28 +0,0 @@
-{
- "$schema": "http://json-schema.org/draft-07/schema#",
- "type": "object",
- "title": "Security::Scan#info schema",
- "description": "The schema validates the content of the Security::Scan#info attribute",
- "additionalProperties": false,
- "properties": {
- "errors": {
- "type": "array",
- "items": {
- "type": "object",
- "additionalProperties": false,
- "properties": {
- "type": {
- "type": "string"
- },
- "message": {
- "type": "string"
- }
- },
- "required": [
- "type",
- "message"
- ]
- }
- }
- }
-}
diff --git a/app/validators/json_schemas/vulnerability_finding_details.json b/app/validators/json_schemas/vulnerability_finding_details.json
deleted file mode 100644
index 2ba1fc9e9db..00000000000
--- a/app/validators/json_schemas/vulnerability_finding_details.json
+++ /dev/null
@@ -1,294 +0,0 @@
-{
- "type": "object",
- "description": "The schema for vulnerability finding details",
- "additionalProperties": false,
- "patternProperties": {
- "^.*$": {
- "allOf": [
- { "$ref": "#/definitions/named_field" },
- { "$ref": "#/definitions/detail_type" }
- ]
- }
- },
- "definitions": {
- "detail_type": {
- "oneOf": [
- { "$ref": "#/definitions/named_list" },
- { "$ref": "#/definitions/list" },
- { "$ref": "#/definitions/table" },
- { "$ref": "#/definitions/text" },
- { "$ref": "#/definitions/url" },
- { "$ref": "#/definitions/code" },
- { "$ref": "#/definitions/value" },
- { "$ref": "#/definitions/diff" },
- { "$ref": "#/definitions/markdown" },
- { "$ref": "#/definitions/commit" },
- { "$ref": "#/definitions/file_location" },
- { "$ref": "#/definitions/module_location" }
- ]
- },
- "text_value": {
- "type": "string"
- },
- "named_field": {
- "type": "object",
- "required": [
- "name"
- ],
- "properties": {
- "name": {
- "$ref": "#/definitions/text_value",
- "minLength": 1
- },
- "description": {
- "$ref": "#/definitions/text_value"
- }
- }
- },
- "named_list": {
- "type": "object",
- "description": "An object with named and typed fields",
- "required": [
- "type",
- "items"
- ],
- "properties": {
- "type": {
- "const": "named-list"
- },
- "items": {
- "type": "object",
- "patternProperties": {
- "^.*$": {
- "allOf": [
- {
- "$ref": "#/definitions/named_field"
- },
- {
- "$ref": "#/definitions/detail_type"
- }
- ]
- }
- }
- }
- }
- },
- "list": {
- "type": "object",
- "description": "A list of typed fields",
- "required": [
- "type",
- "items"
- ],
- "properties": {
- "type": {
- "const": "list"
- },
- "items": {
- "type": "array",
- "items": {
- "$ref": "#/definitions/detail_type"
- }
- }
- }
- },
- "table": {
- "type": "object",
- "description": "A table of typed fields",
- "required": [
- "type",
- "rows"
- ],
- "properties": {
- "type": {
- "const": "table"
- },
- "header": {
- "type": "array",
- "items": {
- "$ref": "#/definitions/detail_type"
- }
- },
- "rows": {
- "type": "array",
- "items": {
- "type": "array",
- "items": {
- "$ref": "#/definitions/detail_type"
- }
- }
- }
- }
- },
- "text": {
- "type": "object",
- "description": "Raw text",
- "required": [
- "type",
- "value"
- ],
- "properties": {
- "type": {
- "const": "text"
- },
- "value": {
- "$ref": "#/definitions/text_value"
- }
- }
- },
- "url": {
- "type": "object",
- "description": "A single URL",
- "required": [
- "type",
- "href"
- ],
- "properties": {
- "type": {
- "const": "url"
- },
- "text": {
- "$ref": "#/definitions/text_value"
- },
- "href": {
- "type": "string",
- "minLength": 1,
- "examples": ["http://mysite.com"]
- }
- }
- },
- "code": {
- "type": "object",
- "description": "A codeblock",
- "required": [
- "type",
- "value"
- ],
- "properties": {
- "type": {
- "const": "code"
- },
- "value": {
- "type": "string"
- },
- "lang": {
- "type": "string",
- "description": "A programming language"
- }
- }
- },
- "value": {
- "type": "object",
- "description": "A field that can store a range of types of value",
- "required": ["type", "value"],
- "properties": {
- "type": { "const": "value" },
- "value": {
- "type": ["number", "string", "boolean"]
- }
- }
- },
- "diff": {
- "type": "object",
- "description": "A diff",
- "required": [
- "type",
- "before",
- "after"
- ],
- "properties": {
- "type": {
- "const": "diff"
- },
- "before": {
- "type": "string"
- },
- "after": {
- "type": "string"
- }
- }
- },
- "markdown": {
- "type": "object",
- "description": "GitLab flavoured markdown, see https://docs.gitlab.com/ee/user/markdown.html",
- "required": [
- "type",
- "value"
- ],
- "properties": {
- "type": {
- "const": "markdown"
- },
- "value": {
- "$ref": "#/definitions/text_value",
- "examples": ["Here is markdown `inline code` #1 [test](gitlab.com)\n\n![GitLab Logo](https://about.gitlab.com/images/press/logo/preview/gitlab-logo-white-preview.png)"]
- }
- }
- },
- "commit": {
- "type": "object",
- "description": "A commit/tag/branch within the GitLab project",
- "required": [
- "type",
- "value"
- ],
- "properties": {
- "type": {
- "const": "commit"
- },
- "value": {
- "type": "string",
- "description": "The commit SHA",
- "minLength": 1
- }
- }
- },
- "file_location": {
- "type": "object",
- "description": "A location within a file in the project",
- "required": [
- "type",
- "file_name",
- "line_start"
- ],
- "properties": {
- "type": {
- "const": "file-location"
- },
- "file_name": {
- "type": "string",
- "minLength": 1
- },
- "line_start": {
- "type": "integer"
- },
- "line_end": {
- "type": "integer"
- }
- }
- },
- "module_location": {
- "type": "object",
- "description": "A location within a binary module of the form module+relative_offset",
- "required": [
- "type",
- "module_name",
- "offset"
- ],
- "properties": {
- "type": {
- "const": "module-location"
- },
- "module_name": {
- "type": "string",
- "minLength": 1,
- "examples": ["compiled_binary"]
- },
- "offset": {
- "type": "integer",
- "examples": [100]
- }
- }
- }
- }
-}