diff --git a/.github/workflows/prepare-binaries.yml b/.github/workflows/prepare-binaries.yml index f554e6f..02a6412 100644 --- a/.github/workflows/prepare-binaries.yml +++ b/.github/workflows/prepare-binaries.yml @@ -61,6 +61,9 @@ jobs: - name: Run Unit Tests run: pytest scripts/ + - name: Validate DBX JSON Schema + run: python scripts/validate_schema.py PreSignedObjects/DBX/dbx_info_msft_latest.json PreSignedObjects/DBX/HashesJsonSchema.json + - name: Validate DBX Certificate References run: python scripts/validate_dbx_references.py PreSignedObjects/DBX diff --git a/PreSignedObjects/DBX/HashesJsonSchema.json b/PreSignedObjects/DBX/HashesJsonSchema.json index 37704b6..34e941b 100644 --- a/PreSignedObjects/DBX/HashesJsonSchema.json +++ b/PreSignedObjects/DBX/HashesJsonSchema.json 
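Review bot: The added "Validate DBX JSON Schema" step passes one hard-coded data file, `PreSignedObjects/DBX/dbx_info_msft_latest.json`, so any other JSON revocation list kept under `PreSignedObjects/DBX` would not be schema-checked by CI. Whether such files exist is not visible in this diff; if they do, the step should iterate over them or the script should accept a directory. A short comment above the step, e.g. `# Fails the job when the DBX data file does not match HashesJsonSchema.json`, would record that this is meant as a gate and not an informational check.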
@@ -1,323 +1,320 @@ { - "$schema": "http://json-schema.org/draft-04/schema#", + "$schema": "https://json-schema.org/draft/2020-12/schema", "type": "object", "properties": { "images": { "type": "object", "properties": { - "amd64": { + "x64": { "type": "array", - "items": [ - { - "type": "object", - "properties": { - "authenticodeHash": { - "type": "string", - "description": "Hash of the image using the PE Authenticode hashing standard" - }, - "hashType": { - "type": "string", - "enum": ["SHA256"], - "description": "Type of the hashing algorithm, e.g., SHA256" - }, - "flatHash": { - "type": "string", - "description": "SHA256 flat hash of the image file" - }, - "filename": { - "type": "string", - "description": "Name of the image file" - }, - "description": { - "type": "string", - "description": "Additional information for the image or the reason for its addition" - }, - "companyName": { - "type": "string", - "description": "Name of the company that authored the image" - }, - "dateOfAddition": { - "type": "string", - "format": "date-time", - "description": "Date when the certificate was added to this list in YYYY-MM-DD format" - }, - "signingAuthority": { - "type": "string", - "description": "Common name (CN) of the intermediate CA used to sign the image" - } + "items": { + "type": "object", + "properties": { + "authenticodeHash": { + "type": "string", + "description": "Hash of the image using the PE Authenticode hashing standard" }, - "required": [ - "authenticodeHash", - "hashType", - "flatHash", - "filename", - "description", - "companyName", - "dateOfAddition", - "signingAuthority" - ] - } - ] + "hashType": { + "type": "string", + "enum": [ + "SHA256" + ], + "description": "Type of the hashing algorithm, e.g., SHA256" + }, + "flatHash": { + "type": "string", + "description": "SHA256 flat hash of the image file" + }, + "filename": { + "type": "string", + "description": "Name of the image file" + }, + "description": { + "type": "string", + "description": "Additional 
information for the image or the reason for its addition" + }, + "companyName": { + "type": "string", + "description": "Name of the company that authored the image" + }, + "dateOfAddition": { + "type": "string", + "format": "date", + "description": "Date when the certificate was added to this list in YYYY-MM-DD format" + }, + "signingAuthority": { + "type": "string", + "description": "Common name (CN) of the intermediate CA used to sign the image" + } + }, + "required": [ + "authenticodeHash", + "hashType", + "flatHash", + "filename", + "description", + "companyName", + "dateOfAddition", + "signingAuthority" + ] + } }, - "x86": { + "ia32": { "type": "array", - "items": [ - { - "type": "object", - "properties": { - "authenticodeHash": { - "type": "string", - "description": "Hash of the image using the PE Authenticode hashing standard" - }, - "hashType": { - "type": "string", - "enum": ["SHA256"], - "description": "Type of the hashing algorithm, e.g., SHA256" - }, - "flatHash": { - "type": "string", - "description": "SHA256 flat hash of the image file" - }, - "filename": { - "type": "string", - "description": "Name of the image file" - }, - "description": { - "type": "string", - "description": "Additional information for the image or the reason for its addition" - }, - "companyName": { - "type": "string", - "description": "Name of the company that authored the image" - }, - "dateOfAddition": { - "type": "string", - "format": "date-time", - "description": "Date when the certificate was added to this list in YYYY-MM-DD format" - }, - "signingAuthority": { - "type": "string", - "description": "Common name (CN) of the intermediate CA used to sign the image" - } + "items": { + "type": "object", + "properties": { + "authenticodeHash": { + "type": "string", + "description": "Hash of the image using the PE Authenticode hashing standard" + }, + "hashType": { + "type": "string", + "enum": [ + "SHA256" + ], + "description": "Type of the hashing algorithm, e.g., SHA256" + }, + 
"flatHash": { + "type": "string", + "description": "SHA256 flat hash of the image file" + }, + "filename": { + "type": "string", + "description": "Name of the image file" + }, + "description": { + "type": "string", + "description": "Additional information for the image or the reason for its addition" }, - "required": [ - "authenticodeHash", - "hashType", - "flatHash", - "filename", - "description", - "companyName", - "dateOfAddition", - "signingAuthority" - ] - } - ] + "companyName": { + "type": "string", + "description": "Name of the company that authored the image" + }, + "dateOfAddition": { + "type": "string", + "format": "date", + "description": "Date when the certificate was added to this list in YYYY-MM-DD format" + }, + "signingAuthority": { + "type": "string", + "description": "Common name (CN) of the intermediate CA used to sign the image" + } + }, + "required": [ + "authenticodeHash", + "hashType", + "flatHash", + "filename", + "description", + "companyName", + "dateOfAddition", + "signingAuthority" + ] + } }, - "arm64": { + "aarch64": { "type": "array", - "items": [ - { - "type": "object", - "properties": { - "authenticodeHash": { - "type": "string", - "description": "Hash of the image using the PE Authenticode hashing standard" - }, - "hashType": { - "type": "string", - "enum": ["SHA256"], - "description": "Type of the hashing algorithm, e.g., SHA256" - }, - "flatHash": { - "type": "string", - "description": "SHA256 flat hash of the image file" - }, - "filename": { - "type": "string", - "description": "Name of the image file" - }, - "description": { - "type": "string", - "description": "Additional information for the image or the reason for its addition" - }, - "companyName": { - "type": "string", - "description": "Name of the company that authored the image" - }, - "dateOfAddition": { - "type": "string", - "format": "date-time", - "description": "Date when the certificate was added to this list in YYYY-MM-DD format" - }, - "signingAuthority": { - 
"type": "string", - "description": "Common name (CN) of the intermediate CA used to sign the image" - } + "items": { + "type": "object", + "properties": { + "authenticodeHash": { + "type": "string", + "description": "Hash of the image using the PE Authenticode hashing standard" + }, + "hashType": { + "type": "string", + "enum": [ + "SHA256" + ], + "description": "Type of the hashing algorithm, e.g., SHA256" + }, + "flatHash": { + "type": "string", + "description": "SHA256 flat hash of the image file" + }, + "filename": { + "type": "string", + "description": "Name of the image file" }, - "required": [ - "authenticodeHash", - "hashType", - "flatHash", - "filename", - "description", - "companyName", - "dateOfAddition", - "signingAuthority" - ] - } - ] + "description": { + "type": "string", + "description": "Additional information for the image or the reason for its addition" + }, + "companyName": { + "type": "string", + "description": "Name of the company that authored the image" + }, + "dateOfAddition": { + "type": "string", + "format": "date", + "description": "Date when the certificate was added to this list in YYYY-MM-DD format" + }, + "signingAuthority": { + "type": "string", + "description": "Common name (CN) of the intermediate CA used to sign the image" + } + }, + "required": [ + "authenticodeHash", + "hashType", + "flatHash", + "filename", + "description", + "companyName", + "dateOfAddition", + "signingAuthority" + ] + } }, - "arm": { + "arm": { "type": "array", - "items": [ - { - "type": "object", - "properties": { - "authenticodeHash": { - "type": "string", - "description": "Hash of the image using the PE Authenticode hashing standard" - }, - "hashType": { - "type": "string", - "enum": ["SHA256"], - "description": "Type of the hashing algorithm, e.g., SHA256" - }, - "flatHash": { - "type": "string", - "description": "SHA256 flat hash of the image file" - }, - "filename": { - "type": "string", - "description": "Name of the image file" - }, - "description": { 
- "type": "string", - "description": "Additional information for the image or the reason for its addition" - }, - "companyName": { - "type": "string", - "description": "Name of the company that authored the image" - }, - "dateOfAddition": { - "type": "string", - "format": "date-time", - "description": "Date when the certificate was added to this list in YYYY-MM-DD format" - }, - "signingAuthority": { - "type": "string", - "description": "Common name (CN) of the intermediate CA used to sign the image" - } + "items": { + "type": "object", + "properties": { + "authenticodeHash": { + "type": "string", + "description": "Hash of the image using the PE Authenticode hashing standard" + }, + "hashType": { + "type": "string", + "enum": [ + "SHA256" + ], + "description": "Type of the hashing algorithm, e.g., SHA256" }, - "required": [ - "authenticodeHash", - "hashType", - "flatHash", - "filename", - "description", - "companyName", - "dateOfAddition", - "signingAuthority" - ] - } - ] + "flatHash": { + "type": "string", + "description": "SHA256 flat hash of the image file" + }, + "filename": { + "type": "string", + "description": "Name of the image file" + }, + "description": { + "type": "string", + "description": "Additional information for the image or the reason for its addition" + }, + "companyName": { + "type": "string", + "description": "Name of the company that authored the image" + }, + "dateOfAddition": { + "type": "string", + "format": "date", + "description": "Date when the certificate was added to this list in YYYY-MM-DD format" + }, + "signingAuthority": { + "type": "string", + "description": "Common name (CN) of the intermediate CA used to sign the image" + } + }, + "required": [ + "authenticodeHash", + "hashType", + "flatHash", + "filename", + "description", + "companyName", + "dateOfAddition", + "signingAuthority" + ] + } } }, "required": [ - "amd64", - "x86", - "arm64", + "x64", + "ia32", + "aarch64", "arm" ] }, "certificates": { "type": "array", - "items": [ - 
{ - "type": "object", - "properties": { - "value": { - "type": "string", - "description": "Path to the certificate file" - }, - "subjectName": { - "type": "string", - "description": "Common name (CN) of the subject of the certificate" - }, - "issuerName": { - "type": "string", - "description": "Common name (CN) of the issuer of the certificate" - }, - "thumbprint": { - "type": "string", - "description": "SHA1 thumbprint of the certificate" - }, - "description": { - "type": "string", - "description": "Additional information for the certificate or the reason for its addition" - }, - "dateOfAddition": { - "type": "string", - "format": "date-time", - "description": "Date when the certificate was added to this list in YYYY-MM-DD format" - } + "items": { + "type": "object", + "properties": { + "value": { + "type": "string", + "description": "Path to the certificate file" }, - "required": [ - "value", - "subjectName", - "issuerName", - "thumbprint", - "description", - "dateOfAddition" - ] - } - ] + "subjectName": { + "type": "string", + "description": "Common name (CN) of the subject of the certificate" + }, + "issuerName": { + "type": "string", + "description": "Common name (CN) of the issuer of the certificate" + }, + "thumbprint": { + "type": "string", + "description": "SHA1 thumbprint of the certificate" + }, + "description": { + "type": "string", + "description": "Additional information for the certificate or the reason for its addition" + }, + "dateOfAddition": { + "type": "string", + "format": "date", + "description": "Date when the certificate was added to this list in YYYY-MM-DD format" + } + }, + "required": [ + "value", + "subjectName", + "issuerName", + "thumbprint", + "description", + "dateOfAddition" + ] + } }, - "svns": { + "svns": { "type": "array", - "items": [ - { - "type": "object", - "properties": { - "svnhash": { - "type": "string", - "description": "SVN_DATA value. Byte[0] is the UINT8 version of the SVN_DATA structure. 
Bytes[1...16] are the GUID of the application being revoked. Little endian. Bytes[17...18] are the Minor SVN number. Litte endian UINT16. Bytes[19...20] are the Major SVN number. Litte endian UINT16.Bytes[21...31] are 11 zero bytes padding." - }, - "svnvalue": { - "type": "string", - "description": "SVN version number. Versions less than this version are revoked." - }, - "filename": { - "type": "string", - "description": "Name of the image file" - }, - "guid": { - "type": "string", - "description": "GUID representation of the image file" - }, - "description": { - "type": "string", - "description": "Additional information for the svn, the image or the reason for its addition" - }, - "dateOfLastChange": { - "type": "string", - "format": "date-time", - "description": "Date when the SVN was updated most recently, in YYYY-MM-DD format" - } + "items": { + "type": "object", + "properties": { + "value": { + "type": "string", + "description": "SVN_DATA value. Byte[0] is the UINT8 version of the SVN_DATA structure. Bytes[1...16] are the GUID of the application being revoked. Little endian. Bytes[17...18] are the Minor SVN number. Litte endian UINT16. Bytes[19...20] are the Major SVN number. Litte endian UINT16.Bytes[21...31] are 11 zero bytes padding." }, - "required": [ - "value", - "subjectName", - "issuerName", - "thumbprint", - "description", - "dateOfLastChange " - ] - } - ] + "version": { + "type": "string", + "description": "SVN version number. Versions less than this version are revoked." 
+ }, + "filename": { + "type": "string", + "description": "Name of the image file" + }, + "guid": { + "type": "string", + "description": "GUID representation of the image file" + }, + "description": { + "type": "string", + "description": "Additional information for the svn, the image or the reason for its addition" + }, + "dateOfLastChange": { + "type": "string", + "format": "date", + "description": "Date when the SVN was updated most recently, in YYYY-MM-DD format" + } + }, + "required": [ + "value", + "version", + "filename", + "guid", + "description", + "dateOfLastChange" + ] + } } }, "required": [ "images", - "certificates" + "certificates", + "svns" ] } \ No newline at end of file diff --git a/pip-requirements.txt b/pip-requirements.txt index 0f2723e..de64652 100644 --- a/pip-requirements.txt +++ b/pip-requirements.txt @@ -6,3 +6,4 @@ pefile==2024.8.26 pyasn1==0.6.3 pyasn1_modules==0.4.2 cryptography==46.0.7 +jsonschema[format]==4.26.0 diff --git a/scripts/validate_schema.py b/scripts/validate_schema.py index 52d3dfb..1efe376 100644 --- a/scripts/validate_schema.py +++ b/scripts/validate_schema.py @@ -9,7 +9,7 @@ import logging import jsonschema -from jsonschema import validate +from jsonschema import FormatChecker, validate def validate_json_schema(json_data: dict, schema: dict) -> None: @@ -23,7 +23,7 @@ def validate_json_schema(json_data: dict, schema: dict) -> None: jsonschema.exceptions.ValidationError: If the JSON data does not conform to the schema. """ try: - validate(instance=json_data, schema=schema) + validate(instance=json_data, schema=schema, format_checker=FormatChecker()) logging.info("JSON data is valid against the schema.") except jsonschema.exceptions.ValidationError as err: logging.error(f"JSON data is invalid: {err.message}")
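Review bot: The rewritten item schemas still accept any string for `authenticodeHash`, `flatHash` and `thumbprint`, so a truncated or mistyped digest passes validation and would yield a revocation entry that matches nothing. Assuming the data file stores bare hex, adding `"pattern": "^[0-9A-Fa-f]{64}$"` to the two SHA256 fields and `"pattern": "^[0-9A-Fa-f]{40}$"` to `thumbprint` closes that gap. Neither `images` nor the item objects set `"additionalProperties": false`, so after the rename to `x64`/`ia32`/`aarch64` a leftover `amd64`, `x86` or `arm64` array would be accepted and never validated. The four architecture item schemas are identical copies; moving one definition under `$defs` and referencing it with `$ref` would keep them from drifting apart.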
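Review bot: The `[format]` extra on the added `jsonschema[format]==4.26.0` line pulls in several transitive packages that this file does not pin, while the schema in this commit only uses `"format": "date"`. As far as I know jsonschema checks `date` with the standard library alone, so plain `jsonschema==4.26.0` should be enough; this is worth confirming by running the validation without the extra. If the extra is kept, pin its transitive packages here too, or install with pip's `--require-hashes`, so the job that validates the revocation list runs on a reproducible dependency set.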
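Review bot: `FormatChecker()` without arguments enforces only the formats whose checker is available in the running environment, and a format whose optional dependency is missing is skipped silently, so a `format` keyword added to the schema later can go unenforced with no failure. A comment on the call, e.g. `# format_checker is required: jsonschema ignores "format" unless one is passed`, would record why the argument is there. The `except` branch visible in the hunk logs only `err.message`; `logging.error(f"JSON data is invalid at {err.json_path}: {err.message}")` would make a bad entry findable in a long revocation list. The body of `validate_json_schema` continues outside the hunk, so it is not visible whether the error is re-raised; the new workflow step only gates the build if the script exits non-zero.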