From dc951e678588bb5313891d2b8994a7ecee13eaa3 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Piotr=20Poniedzia=C5=82ek?= Date: Tue, 25 Apr 2023 15:55:53 +0200 Subject: [PATCH] Ignore `$ref` keyword referencing HTTP resources (close #238) --- .../client/validator/CirceValidator.scala | 13 +++++++ .../validator/ValidatingWithRefSpec.scala | 36 +++++++++++++++++++ 2 files changed, 49 insertions(+) create mode 100644 modules/core/src/test/scala/com.snowplowanalytics.iglu.client/validator/ValidatingWithRefSpec.scala diff --git a/modules/core/src/main/scala/com.snowplowanalytics.iglu/client/validator/CirceValidator.scala b/modules/core/src/main/scala/com.snowplowanalytics.iglu/client/validator/CirceValidator.scala index 12e03cdd..3653b777 100644 --- a/modules/core/src/main/scala/com.snowplowanalytics.iglu/client/validator/CirceValidator.scala +++ b/modules/core/src/main/scala/com.snowplowanalytics.iglu/client/validator/CirceValidator.scala @@ -19,7 +19,11 @@ import com.snowplowanalytics.iglu.client.resolver.StorageTime import com.snowplowanalytics.iglu.core.circe.MetaSchemas // Scala import com.fasterxml.jackson.databind.JsonNode +import com.networknt.schema.uri.URIFetcher import com.snowplowanalytics.iglu.client.resolver.Resolver.SchemaLookupResult +import java.io.{ByteArrayInputStream, InputStream} +import java.net.URI +import java.nio.charset.StandardCharsets import scala.jdk.CollectionConverters._ // Cats @@ -55,12 +59,21 @@ object CirceValidator extends Validator[Json] { private val V4SchemaInstance = JsonSchemaFactory.getInstance(SpecVersion.VersionFlag.V4) + private val fakeUrlFetcher = new URIFetcher { + override def fetch(uri: URI): InputStream = { + // No effect on validation, because we return empty JSON Schema which matches any data. + val emptyJsonObject = Json.obj() + new ByteArrayInputStream(emptyJsonObject.toString().getBytes(StandardCharsets.UTF_8)) + } + } + private val IgluMetaschemaFactory = JsonSchemaFactory .builder(V4SchemaInstance) .addMetaSchema(IgluMetaschema) .forceHttps(false) .removeEmptyFragmentSuffix(false) + .uriFetcher(fakeUrlFetcher, "http", "https") .build() private val SchemaValidatorsConfig: SchemaValidatorsConfig = { diff --git a/modules/core/src/test/scala/com.snowplowanalytics.iglu.client/validator/ValidatingWithRefSpec.scala b/modules/core/src/test/scala/com.snowplowanalytics.iglu.client/validator/ValidatingWithRefSpec.scala new file mode 100644 index 00000000..ea7ae5dc --- /dev/null +++ b/modules/core/src/test/scala/com.snowplowanalytics.iglu.client/validator/ValidatingWithRefSpec.scala @@ -0,0 +1,36 @@ +package com.snowplowanalytics.iglu.client.validator + +import io.circe.literal._ +import org.specs2.mutable.Specification + +class ValidatingWithRefSpec extends Specification { + + val schema = + json""" + { + "$$schema": "http://iglucentral.com/schemas/com.snowplowanalytics.self-desc/schema/jsonschema/1-0-0#", + "description": "Test schema using $$ref with 'http'/'https' protocols", + "self": { + "vendor": "com.test", + "name": "test", + "format": "jsonschema", + "version": "1-0-0" + }, + "properties": { + "id": { + "allOf": [ + {"$$ref": "http://json-schema.org/draft-04/schema#"}, + {"$$ref": "https://json-schema.org/draft-04/schema"}, + {"$$ref": "http://anything"}, + {"$$ref": "https://anything"} + ] + } + } + } + """ + + "Validator should ignore '$ref' keyword" in { + val data = json"""{"id": "can_be_anything1234"}""" + CirceValidator.validate(data, schema) must beRight(()) + } +}