diff --git a/csaf/validation.go b/csaf/validation.go index 03a6e4c..881242f 100644 --- a/csaf/validation.go +++ b/csaf/validation.go @@ -1,20 +1,17 @@ package csaf import ( - "context" + "bytes" _ "embed" - "encoding/json" - "log" - "net/url" "sort" "strings" "sync" - "github.com/qri-io/jsonschema" + "github.com/santhosh-tekuri/jsonschema/v5" ) //go:embed schema/csaf_json_schema.json -var schema []byte +var csafSchema []byte //go:embed schema/cvss-v2.0.json var cvss20 []byte @@ -25,53 +22,62 @@ var cvss30 []byte //go:embed schema/cvss-v3.1.json var cvss31 []byte -func embedLoader(ctx context.Context, uri *url.URL, schema *jsonschema.Schema) error { +var ( + compileSchemaOnce sync.Once + compileError error + compiledSchema *jsonschema.Schema +) - var data []byte - switch u := uri.String(); u { - case "https://www.first.org/cvss/cvss-v2.0.json": - data = cvss20 - case "https://www.first.org/cvss/cvss-v3.0.json": - data = cvss30 - case "https://www.first.org/cvss/cvss-v3.1.json": - data = cvss31 - default: - log.Printf("escaped schema loader: %s\n", u) - return jsonschema.HTTPSchemaLoader(ctx, uri, schema) +func compileSchema() { + c := jsonschema.NewCompiler() + + for _, s := range []struct { + url string + data []byte + }{ + {"https://docs.oasis-open.org/csaf/csaf/v2.0/csaf_json_schema.json", csafSchema}, + {"https://www.first.org/cvss/cvss-v2.0.json", cvss20}, + {"https://www.first.org/cvss/cvss-v3.0.json", cvss30}, + {"https://www.first.org/cvss/cvss-v3.1.json", cvss31}, + } { + if compileError = c.AddResource(s.url, bytes.NewReader(s.data)); compileError != nil { + return + } } - if schema == nil { - schema = &jsonschema.Schema{} - } - return json.Unmarshal(data, schema) -} -var registerEmbedLoaderOnce sync.Once - -func registerEmbedLoader() { - // Hook into schema loading. - slr := jsonschema.GetSchemaLoaderRegistry() - slr.Register("https", embedLoader) + compiledSchema, compileError = c.Compile( + "https://docs.oasis-open.org/csaf/csaf/v2.0/csaf_json_schema.json") } // ValidateCSAF validates the document data against the JSON schema // of CSAF. func ValidateCSAF(doc interface{}) ([]string, error) { - registerEmbedLoaderOnce.Do(registerEmbedLoader) + compileSchemaOnce.Do(compileSchema) + if compileError != nil { + return nil, compileError + } - ctx := context.Background() + err := compiledSchema.Validate(doc) + if err == nil { + return nil, nil + } - rs := &jsonschema.Schema{} - if err := json.Unmarshal(schema, rs); err != nil { + valErr, ok := err.(*jsonschema.ValidationError) + if !ok { return nil, err } - vs := rs.Validate(ctx, doc) - errs := *vs.Errs + basic := valErr.BasicOutput() + if basic.Valid { + return nil, nil + } + + errs := basic.Errors sort.Slice(errs, func(i, j int) bool { - pi := errs[i].PropertyPath - pj := errs[j].PropertyPath + pi := errs[i].InstanceLocation + pj := errs[j].InstanceLocation if strings.HasPrefix(pj, pi) { return true } @@ -81,12 +87,15 @@ func ValidateCSAF(doc interface{}) ([]string, error) { if pi != pj { return pi < pj } - return errs[i].Message < errs[j].Message + return errs[i].Error < errs[j].Error }) - res := make([]string, len(errs)) - for i, e := range errs { - res[i] = e.PropertyPath + ": " + e.Message + res := make([]string, 0, len(errs)) + + for i := range errs { + if e := &errs[i]; e.InstanceLocation != "" && e.Error != "" { + res = append(res, e.InstanceLocation+": "+e.Error) + } } return res, nil diff --git a/go.mod b/go.mod index ead2168..fd964b4 100644 --- a/go.mod +++ b/go.mod @@ -7,7 +7,7 @@ require ( github.com/PaesslerAG/gval v1.1.2 github.com/PaesslerAG/jsonpath v0.1.1 github.com/ProtonMail/gopenpgp/v2 v2.3.0 - github.com/qri-io/jsonschema v0.2.2-0.20210831022256-780655b2ba0e + github.com/santhosh-tekuri/jsonschema/v5 v5.0.0 ) require ( @@ -15,7 +15,6 @@ require ( github.com/ProtonMail/go-mime v0.0.0-20190923161245-9b5a4261663a // indirect github.com/konsorten/go-windows-terminal-sequences v1.0.1 // indirect github.com/pkg/errors v0.9.1 // indirect - github.com/qri-io/jsonpointer v0.1.1 // indirect github.com/sirupsen/logrus v1.4.2 // indirect golang.org/x/crypto v0.0.0-20210322153248-0c34fe9e7dc2 // indirect golang.org/x/sys v0.0.0-20201119102817-f84b799fce68 // indirect diff --git a/go.sum b/go.sum index 98d749c..5cd8cb7 100644 --- a/go.sum +++ b/go.sum @@ -22,18 +22,13 @@ github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4= github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM= github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= -github.com/qri-io/jsonpointer v0.1.1 h1:prVZBZLL6TW5vsSB9fFHFAMBLI4b0ri5vribQlTJiBA= -github.com/qri-io/jsonpointer v0.1.1/go.mod h1:DnJPaYgiKu56EuDp8TU5wFLdZIcAnb/uH9v37ZaMV64= -github.com/qri-io/jsonschema v0.2.2-0.20210831022256-780655b2ba0e h1:gqHzseevuZPr3oOLES1nrPO3exQfeTKUiPcJub5axVs= -github.com/qri-io/jsonschema v0.2.2-0.20210831022256-780655b2ba0e/go.mod h1:g7DPkiOsK1xv6T/Ao5scXRkd+yTFygcANPBaaqW+VrI= -github.com/sergi/go-diff v1.0.0 h1:Kpca3qRNrduNnOQeazBd0ysaKrUJiIuISHxogkT9RPQ= -github.com/sergi/go-diff v1.0.0/go.mod h1:0CfEIISq7TuYL3j771MWULgwwjU+GofnZX9QAmXWZgo= +github.com/santhosh-tekuri/jsonschema/v5 v5.0.0 h1:TToq11gyfNlrMFZiYujSekIsPd9AmsA2Bj/iv+s4JHE= +github.com/santhosh-tekuri/jsonschema/v5 v5.0.0/go.mod h1:FKdcjfQW6rpZSnxxUvEA5H/cDPdvJ/SZJQLWWXWGrZ0= github.com/sirupsen/logrus v1.4.2 h1:SPIRibHv4MatM3XXNO2BJeFLZwZ2LvZgfQ5+UNI2im4= github.com/sirupsen/logrus v1.4.2/go.mod h1:tLMulIdttU9McNUspp0xgXVQah82FyeX6MwdIuYE2rE= github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= github.com/stretchr/objx v0.1.1/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= github.com/stretchr/testify v1.2.2/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs= -github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI= github.com/stretchr/testify v1.4.0 h1:2E4SXV/wtOkTonXsotYi4li6zVWxYlZuYNCXe9XRJyk= github.com/stretchr/testify v1.4.0/go.mod h1:j7eGeouHqKxXV5pUuKE4zz7dFj8WfuZ+81PSLYec5m4= golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=