feat: Add schema validation for configs

Author: sanidhya-saraswat

.gitignore

@@ -0,0 +1 @@
+Access/access_modules/

Makefile

@@ -1,2 +1,5 @@
+schema_validate:
+	@echo $(shell python3 scripts/clone_access_modules.py && python3 scripts/validator.py)
+
 run_semgrep:
 	$(shell semgrep --error --config "p/cwe-top-25" --config "p/owasp-top-ten" --config "p/r2c-security-audit")

config.json

@@ -1,7 +1,17 @@
 {
-    "googleapi": {
-        "SOCIAL_AUTH_GOOGLE_OAUTH2_KEY": "",
-        "SOCIAL_AUTH_GOOGLE_OAUTH2_SECRET": "",
-        "SOCIAL_AUTH_GOOGLE_OAUTH2_WHITELISTED_DOMAINS": ""
-    }
-}
+  "googleapi": {
+    "SOCIAL_AUTH_GOOGLE_OAUTH2_KEY": "",
+    "SOCIAL_AUTH_GOOGLE_OAUTH2_SECRET": "",
+    "SOCIAL_AUTH_GOOGLE_OAUTH2_WHITELISTED_DOMAINS": ""
+  },
+  "access_modules": {
+    "git_urls": [
+      "https://github.com/browserstack/enigma-public-access-modules.git"
+    ]
+  },
+  "enigmaGroup": {
+    "MAIL_APPROVER_GROUPS": [
+      "devnull@browserstack.com"
+    ]
+  }
+}

schema.json

@@ -0,0 +1,50 @@
+{
+  "$schema": "https://json-schema.org/draft/2020-12/schema",
+  "$id": "/schemas/central",
+  "title": "Config",
+  "description": "The config file schema",
+  "type": "object",
+  "properties": {
+    "googleapi": {
+      "description": "Config keys related to Google SSO",
+      "type": "object",
+      "properties": {
+        "SOCIAL_AUTH_GOOGLE_OAUTH2_KEY": {
+          "description": "Google OAuth2 Key",
+          "type": "string"
+        },
+        "SOCIAL_AUTH_GOOGLE_OAUTH2_SECRET": {
+          "description": "Google OAuth2 secret",
+          "type": "string"
+        },
+        "SOCIAL_AUTH_GOOGLE_OAUTH2_WHITELISTED_DOMAINS": {
+          "description": "Google OAuth2 whitelisted domains",
+          "type": "string"
+        }
+      }
+    },
+    "access_modules": {
+      "description": "List of access modules attached to this tool",
+      "type": "object",
+      "properties": {
+        "git_urls": {
+          "description": "List of git URLs of access modules",
+          "type": "array"
+        }
+      }
+    },
+    "enigmaGroup":{
+      "description":"Config related of enigma groups",
+      "type":"object",
+      "properties":{
+        "MAIL_APPROVER_GROUPS":{
+          "description":"List of mail approvers",
+          "type":"array"
+        }
+      }
+    }
+  },
+  "required": [
+    "googleapi"
+  ]
+}

scripts/clone_access_modules.py

@@ -0,0 +1,18 @@
+import json
+import sys
+from git import Repo
+
+try:
+  f = open("./config.json","r")
+  config = json.load(f)
+  urls = config["access_modules"]["git_urls"]
+  for url in urls:
+    folder_name = url.split("/").pop()[:-4]
+    try:
+      Repo.clone_from(url, "./Access/access_modules/"+folder_name)
+    except Exception as e:
+      print("failed cloning "+folder_name+".")
+except Exception as e:
+  print("Access module cloning failed!")
+  print(str(e))
+  sys.exit(1)

scripts/validator.py

@@ -0,0 +1,25 @@
+import json
+import os
+import sys
+from jsonschema import validate
+
+try:
+  f = open("./schema.json","r")
+  schema = json.load(f)
+  f = open("./config.json", "r")
+  config = json.load(f)
+  root_folders = [ f.path for f in os.scandir("./Access/access_modules") if f.is_dir() ]
+  for folder in root_folders:
+    modules = [ f.path for f in os.scandir(folder) if f.is_dir() ]
+    for module in modules:
+      if os.path.exists(module+"/schema.json"):
+        f = open(module+"/schema.json")
+        module_schema = json.load(f)
+        schema["properties"].update(module_schema["properties"])
+        schema["required"] += module_schema["required"]
+  validate(instance=config, schema=schema) 
+  print("Schema validation passed!")
+except Exception as e:
+  print("Schema validation failed!")
+  print(e)
+  sys.exit(1)