Diffstat (limited to 'lib/gitlab/ci/parsers/sbom/validators/cyclonedx_schema_validator.rb')
-rw-r--r-- | lib/gitlab/ci/parsers/sbom/validators/cyclonedx_schema_validator.rb | 25 |
1 files changed, 22 insertions, 3 deletions
diff --git a/lib/gitlab/ci/parsers/sbom/validators/cyclonedx_schema_validator.rb b/lib/gitlab/ci/parsers/sbom/validators/cyclonedx_schema_validator.rb
index 9d56e001c2f..a8d3ef1d6b5 100644
--- a/lib/gitlab/ci/parsers/sbom/validators/cyclonedx_schema_validator.rb
+++ b/lib/gitlab/ci/parsers/sbom/validators/cyclonedx_schema_validator.rb
@@ -6,7 +6,9 @@ module Gitlab
       module Sbom
         module Validators
           class CyclonedxSchemaValidator
-            SCHEMA_PATH = Rails.root.join('app', 'validators', 'json_schemas', 'cyclonedx_report.json').freeze
+            SUPPORTED_SPEC_VERSIONS = %w[1.4 1.5].freeze
+
+            SCHEMA_BASE_PATH = Rails.root.join('app', 'validators', 'json_schemas', 'cyclonedx').freeze
 
             def initialize(report_data)
               @report_data = report_data
@@ -17,13 +19,30 @@ module Gitlab
             end
 
             def errors
-              @errors ||= pretty_errors
+              @errors ||= validate!
             end
 
             private
 
+            def validate!
+              if spec_version_valid?
+                pretty_errors
+              else
+                [format("Unsupported CycloneDX spec version. Must be one of: %{versions}",
+                  versions: SUPPORTED_SPEC_VERSIONS.join(', '))]
+              end
+            end
+
+            def spec_version_valid?
+              SUPPORTED_SPEC_VERSIONS.include?(spec_version)
+            end
+
+            def spec_version
+              @report_data['specVersion']
+            end
+
             def raw_errors
-              JSONSchemer.schema(SCHEMA_PATH).validate(@report_data)
+              JSONSchemer.schema(SCHEMA_BASE_PATH.join("bom-#{spec_version}.schema.json")).validate(@report_data)
             end
 
             def pretty_errors |
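Review bot: `SUPPORTED_SPEC_VERSIONS` carries an invariant the hunk does not document: the second hunk's `raw_errors` derives the schema filename from each entry, so every version listed here must have a matching `bom-<version>.schema.json` file under `SCHEMA_BASE_PATH`, and listing a version without shipping its schema turns validation into a schema-load failure instead of a reported error. A comment above the constant would make that coupling visible to whoever adds 1.6: `# Every entry must have a matching bom-<version>.schema.json in SCHEMA_BASE_PATH`. The class body continues past the hunk.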
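Review bot: `raw_errors` interpolates `spec_version`, a value taken directly from the report being validated, into a filesystem path, and the only thing confining that value to the allowlist is that `errors` happens to route through `validate!` first; `raw_errors` and `pretty_errors` do no check of their own, so any other caller or a later refactor of `errors` would hand an unvalidated string to `Pathname#join`. Enforcing the allowlist where the path is built keeps the invariant local: add `raise ArgumentError, "unsupported CycloneDX specVersion" unless spec_version_valid?` as the first line of `raw_errors`, or resolve the filename by looking the version up in `SUPPORTED_SPEC_VERSIONS` rather than by interpolation. If `@report_data` can arrive as something other than a Hash (the caller is not shown here), `@report_data['specVersion']` now raises instead of producing a validation error, which the previous schema-only path did not. Separately, `validate!` neither mutates state nor has a non-bang counterpart, so the bang suffix is misleading; `validation_errors` would read more accurately. `pretty_errors` begins on the hunk's last line and its body is outside the hunk.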