Validate CSAF documents against JSON schema.

2025-12-22 11:55:40 +01:00 · 2021-12-02 23:38:09 +01:00 · 2021-12-02 23:38:09 +01:00 · 78f0b2db0b
commit 78f0b2db0b
parent b21cef4677
6 changed files with 1417 additions and 0 deletions
--- a/cmd/csaf_provider/controller.go
+++ b/cmd/csaf_provider/controller.go
@ -58,6 +58,14 @@ func (c *controller) render(rw http.ResponseWriter, tmpl string, arg interface{}
 }

 func (c *controller) failed(rw http.ResponseWriter, tmpl string, err error) {
+	rw.Header().Set("Content-type", "text/html; charset=utf-8")
+	result := map[string]interface{}{"Error": []error{err}}
+	if err := c.tmpl.ExecuteTemplate(rw, tmpl, result); err != nil {
+		log.Printf("warn: %v\n", err)
+	}
+}
+
+func (c *controller) multiFailed(rw http.ResponseWriter, tmpl string, err interface{}) {
 	rw.Header().Set("Content-type", "text/html; charset=utf-8")
 	result := map[string]interface{}{"Error": err}
 	if err := c.tmpl.ExecuteTemplate(rw, tmpl, result); err != nil {
@ -182,6 +190,17 @@ func (c *controller) upload(rw http.ResponseWriter, r *http.Request) {
 		return
 	}

+	validationErrors, err := csaf.Validate(data)
+	if err != nil {
+		c.failed(rw, "upload.html", err)
+		return
+	}
+
+	if len(validationErrors) > 0 {
+		c.multiFailed(rw, "upload.html", validationErrors)
+		return
+	}
+
 	var content interface{}
 	if err := json.Unmarshal(data, &content); err != nil {
 		c.failed(rw, "upload.html", err)
--- a/cmd/csaf_provider/tmpl/upload.html
+++ b/cmd/csaf_provider/tmpl/upload.html
@ -8,8 +8,19 @@
  <body>
    <h1>CSAF-Provider - CSAF uploaded</h1>
    {{ if .Error }}
+    {{ if eq (len .Error) 1 }}
    <strong>Error: <tt>{{ .Error }}.</tt></strong>
    {{ else }}
+    <p>
+    Errors:
+    <ul>
+    {{ range .Error }}
+    <li>{{ . }}</li>
+    {{ end }}
+    </ul>
+    <p>
+    {{ end }}
+    {{ else }}
    <table>
      <tr><td>CSAF file:</td><td><tt>{{ .Name }}</tt></td></tr>
      <tr><td>Release date:</td><td><tt>{{ .ReleaseDate }}</tt></td></tr>
--- a/csaf/schema/csaf_json_schema.json
+++ b/csaf/schema/csaf_json_schema.json
--- a/csaf/validation.go
+++ b/csaf/validation.go
@ -0,0 +1,34 @@
+package csaf
+
+import (
+	_ "embed"
+
+	"github.com/xeipuuv/gojsonschema"
+)
+
+//go:embed schema/csaf_json_schema.json
+var schema string
+
+// Validate validates the document data against the JSON schema
+// of CSAF.
+func Validate(data []byte) ([]string, error) {
+	schemaLoader := gojsonschema.NewStringLoader(schema)
+	documentLoader := gojsonschema.NewStringLoader(string(data))
+
+	result, err := gojsonschema.Validate(schemaLoader, documentLoader)
+	if err != nil {
+		return nil, err
+	}
+
+	if result.Valid() {
+		return nil, nil
+	}
+
+	errors := result.Errors()
+	res := make([]string, len(errors))
+	for i, e := range errors {
+		res[i] = e.String()
+	}
+
+	return res, nil
+}
--- a/go.mod
+++ b/go.mod
@ -15,6 +15,9 @@ require (
 	github.com/konsorten/go-windows-terminal-sequences v1.0.1 // indirect
 	github.com/pkg/errors v0.9.1 // indirect
 	github.com/sirupsen/logrus v1.4.2 // indirect
+	github.com/xeipuuv/gojsonpointer v0.0.0-20180127040702-4e3ac2762d5f // indirect
+	github.com/xeipuuv/gojsonreference v0.0.0-20180127040603-bd5ef7bd5415 // indirect
+	github.com/xeipuuv/gojsonschema v1.2.0 // indirect
 	golang.org/x/crypto v0.0.0-20210322153248-0c34fe9e7dc2 // indirect
 	golang.org/x/sys v0.0.0-20201119102817-f84b799fce68 // indirect
 	golang.org/x/text v0.3.3 // indirect
--- a/go.sum
+++ b/go.sum
@ -27,8 +27,15 @@ github.com/sirupsen/logrus v1.4.2/go.mod h1:tLMulIdttU9McNUspp0xgXVQah82FyeX6Mwd
 github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
 github.com/stretchr/objx v0.1.1/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
 github.com/stretchr/testify v1.2.2/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs=
+github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI=
 github.com/stretchr/testify v1.4.0 h1:2E4SXV/wtOkTonXsotYi4li6zVWxYlZuYNCXe9XRJyk=
 github.com/stretchr/testify v1.4.0/go.mod h1:j7eGeouHqKxXV5pUuKE4zz7dFj8WfuZ+81PSLYec5m4=
+github.com/xeipuuv/gojsonpointer v0.0.0-20180127040702-4e3ac2762d5f h1:J9EGpcZtP0E/raorCMxlFGSTBrsSlaDGf3jU/qvAE2c=
+github.com/xeipuuv/gojsonpointer v0.0.0-20180127040702-4e3ac2762d5f/go.mod h1:N2zxlSyiKSe5eX1tZViRH5QA0qijqEDrYZiPEAiq3wU=
+github.com/xeipuuv/gojsonreference v0.0.0-20180127040603-bd5ef7bd5415 h1:EzJWgHovont7NscjpAxXsDA8S8BMYve8Y5+7cuRE7R0=
+github.com/xeipuuv/gojsonreference v0.0.0-20180127040603-bd5ef7bd5415/go.mod h1:GwrjFmJcFw6At/Gs6z4yjiIwzuJ1/+UwLxMQDVQXShQ=
+github.com/xeipuuv/gojsonschema v1.2.0 h1:LhYJRs+L4fBtjZUfuSZIKGeVu0QRy8e5Xi7D17UxZ74=
+github.com/xeipuuv/gojsonschema v1.2.0/go.mod h1:anYRn/JVcOK2ZgGU+IjEV4nwlhoK5sQluxsYJ78Id3Y=
 golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
 golang.org/x/crypto v0.0.0-20190510104115-cbcb75029529/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
 golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=