WIP: attempt at validating CNA container schema and converting ajv er…

…rors to json-editor errors per request of Vulnogram#192. Doesn't appear to be useful because errors are duplicative. Could be useful with proper if-branching targeting specify data types if ajv finds errors json-editor doesn't.
scotluns · Apr 16, 2024 · b936a20 · b936a20
1 parent bf798cc
commit b936a20
Show file tree

Hide file tree

Showing 2 changed files with 53 additions and 2 deletions.
diff --git a/default/cve5/conf.js b/default/cve5/conf.js
@@ -392,6 +392,19 @@ module.exports = {
                     });
                 }
             }
+            if (path == "root.containers.cna") {
+              if(cve5CnaContainerSchemaValidator !== undefined && !cve5CnaContainerSchemaValidator(value)) {
+                for (let e of cve5CnaContainerSchemaValidator.errors.filter(usefulAjvErrors)) {
+                  if (e.message in excludeErrors) continue;
+                  errors.push({
+                    path: path + e.instancePath.replaceAll("/","."),
+                    property: 'format',
+                    message: e.message,
+                    source: "ajv",
+                  })
+                }
+              }
+            }
             return errors;
         }
     ],
@@ -415,4 +428,4 @@ module.exports = {
         return errors;
     },*/
     router: router
-}
+}
diff --git a/public/js/editor.js b/public/js/editor.js
@@ -29,6 +29,22 @@ var editorLabel = document.getElementById('editorLabel');
 var iconTheme = 'vgi-';
 var starting_value = {};
 var sourceEditor;
+let cve5Schema;
+let cve5SchemaValidator;
+let cve5CnaContainerSchema;
+let cve5CnaContainerSchemaValidator;
+const cve5schemaUrl = "https://raw.githubusercontent.com/CVEProject/cve-schema/2aa608b6733cc2730a43901472ef0e706d0ef2b5/schema/v5.0/docs/CVE_JSON_bundled.json"
+const excludeErrors = {
+  "must have required property 'rejectedReasons'": true,
+  "must match exactly one schema in oneOf": true,
+  "must match a schema in anyOf": true,
+  "must NOT have additional properties": true,
+  "must have required property 'vendor'": true,
+  "must have required property 'product'": true,
+  "must have required property 'collectionURL'": true,
+  "must have required property 'packageName'": true,
+};
+const usefulAjvErrors = (e) => !(e.message in excludeErrors);
 
 JSONEditor.defaults.languages.en.error_oneOf = "Please fill in the required fields *";
 
@@ -1316,6 +1332,28 @@ function loadJSON(res, id, message, editorOptions) {
     }
     docEditor = new JSONEditor(document.getElementById('docEditor'), editorOptions ? editorOptions : docEditorOptions);
     docEditor.on('ready', async function () {
+        if (ajv7) {
+          Ajv = new ajv7({allErrors: true});
+          await fetch(cve5schemaUrl).then(
+            resp => resp.text()
+          ).then(
+            text => JSON.parse(text)
+          ).then(
+            schema => {
+
+              cve5Schema = {...schema};
+              cve5SchemaValidator = Ajv.compile(cve5Schema, {strict: false})
+              cve5CnaContainerSchema = {
+                definitions: schema.definitions,
+                oneOf:[
+                  {...schema.definitions.cnaPublishedContainer},
+                  {...schema.definitions.cnaRejectedContainer}
+                ],
+              };
+              cve5CnaContainerSchemaValidator = Ajv.compile(cve5CnaContainerSchema, {strict: false})
+            }
+          )
+        }
         await docEditor.root.setValue(res, true);
         infoMsg.textContent = message ? message : '';
         //errMsg.textContent = "";
@@ -1528,4 +1566,4 @@ function showAlert(msg, smallmsg, timer, showCancel) {
         setTimeout(function () {
             document.getElementById("alertDialog").close();
         }, timer);
-}
+}