Diffstat (limited to 'lib/gitlab/ci/parsers/sbom/validators/cyclonedx_schema_validator.rb')
-rw-r--r--lib/gitlab/ci/parsers/sbom/validators/cyclonedx_schema_validator.rb25
1 files changed, 22 insertions, 3 deletions
diff --git a/lib/gitlab/ci/parsers/sbom/validators/cyclonedx_schema_validator.rb b/lib/gitlab/ci/parsers/sbom/validators/cyclonedx_schema_validator.rb
index 9d56e001c2f..a8d3ef1d6b5 100644
--- a/lib/gitlab/ci/parsers/sbom/validators/cyclonedx_schema_validator.rb
+++ b/lib/gitlab/ci/parsers/sbom/validators/cyclonedx_schema_validator.rb
@@ -6,7 +6,9 @@ module Gitlab
module Sbom
module Validators
class CyclonedxSchemaValidator
- SCHEMA_PATH = Rails.root.join('app', 'validators', 'json_schemas', 'cyclonedx_report.json').freeze
+ SUPPORTED_SPEC_VERSIONS = %w[1.4 1.5].freeze
+
+ SCHEMA_BASE_PATH = Rails.root.join('app', 'validators', 'json_schemas', 'cyclonedx').freeze
def initialize(report_data)
@report_data = report_data
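Review bot: The new SUPPORTED_SPEC_VERSIONS constant on the fourth line of this hunk is not only an informational list; later in this commit the validated `spec_version` is interpolated into a schema filename under SCHEMA_BASE_PATH (`bom-#{spec_version}.schema.json`), so this array is the allowlist that keeps report-supplied `specVersion` text out of the filesystem path, and nothing in the code says so. A comment above the constant such as `# Allowlist: spec_version is interpolated into the schema filename, so only literal versions with a matching bom-<version>.schema.json belong here` would keep future additions to exact version strings rather than patterns or user-derived values. It may also be worth noting that `.freeze` on the `%w[]` literal freezes the array but not its elements unless the file has `# frozen_string_literal: true`, which is not visible in this hunk. The enclosing class and module definitions start before and continue after this hunk.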
@@ -17,13 +19,30 @@ module Gitlab
end
def errors
- @errors ||= pretty_errors
+ @errors ||= validate!
end
private
+ def validate!
+ if spec_version_valid?
+ pretty_errors
+ else
+ [format("Unsupported CycloneDX spec version. Must be one of: %{versions}",
+ versions: SUPPORTED_SPEC_VERSIONS.join(', '))]
+ end
+ end
+
+ def spec_version_valid?
+ SUPPORTED_SPEC_VERSIONS.include?(spec_version)
+ end
+
+ def spec_version
+ @report_data['specVersion']
+ end
+
def raw_errors
- JSONSchemer.schema(SCHEMA_PATH).validate(@report_data)
+ JSONSchemer.schema(SCHEMA_BASE_PATH.join("bom-#{spec_version}.schema.json")).validate(@report_data)
end
def pretty_errors