luzlab / ajv-formats-draft2019 Goto Github PK

View Code? Open in Web Editor NEW

9.0 9.0 7.0 116 KB

Plugin for AJV that adds support for some of string formats adding in the draft2019 JSON Schema.

License: MIT License

JavaScript 100.00%

ajv-formats-draft2019's People

Contributors

Stargazers

Watchers

Forkers

zo fluffywaffles fexpal fadysalama gbv egekorkan

ajv-formats-draft2019's Issues

New release with bug fixes

Hey @luzlab,

Would it be possible for you to release a new version of this package that includes the most recent bug fixes?

typescript declarations

It would be nice if this package had typescript types so that I could use it more easily in my typescript project (and have the typescript compiler check that I'm using it correctly).

I'm also using ajv-formats, which does include a index.d.ts in the package.

Bundle uuid from ajv-formats

AJV removed uuid from the stock distribution. This library should include the formatter for uuid since it's a part of the draft2019 spec.

Tests are failing against Ajv v7+

Is this compatible with latest versions of AJV?

Email IRIs are not valid `iri-reference`

The following simple script does not work:

const Ajv = require('ajv');
const apply = require('ajv-formats-draft2019');
const ajv = new Ajv();
apply(ajv); // returns ajv instance, allowing chaining

let schema = {
  type: 'string',
  format: 'iri-reference'
};
let result = ajv.validate(schema, 'mailto:[email protected]');

console.log (result)

With @FadySalama, we have dug deeper into the issue and find the following problems:

The test at

ajv-formats-draft2019/index.test.js

Line 283 in 465607e

assert.ok(!validate('mailto:[email protected]'));

is actually checking for invalidity
When we use the debugger, we get "addressParser is not a function" at validate of

ajv-formats-draft2019/formats/iri-reference.js

Line 2 in 465607e

const { addressParser } = require('smtp-address-parser');
When we change it to const AddressParser = require('smtp-address-parser').parse; , everything works

iri-reference generated by CycloneDX invalid?

Hi,

sorry to open another one about the scheme validation.
We're generating our bill of material with CycloneDX. The generated json files contain repository links that look like this:
{ "type": "vcs", "url": "git+https://github.com/Alex-D/check-disk-space.git" }
or
{ "type": "vcs", "url": "git+ssh://[email protected]/estools/escodegen.git" }

The validation of the json (using ajv) against the schema (also provided by CycloneDX) fails with dozens of errors:

{
    instancePath: '/components/1/externalReferences/2/url',
    schemaPath: '#/properties/url/format',
    keyword: 'format',
    params: { format: 'iri-reference' },
    message: 'must match format "iri-reference"'
}

According to your comment in #11 the strange git+ scheme seems to be valid but not in any of the lists you're validating against.
I honestly don't know where these references come from, but apparently they seem to be in a few package.json files on github (e.g. https://github.com/Alex-D/check-disk-space/blob/main/package.json)
I can work around the problem by wrapping the format validator and cutting off the git+ prefix, but that's not how it should be.

const validate = ajv.formats['iri-reference'] as FormatValidator<string>;
ajv.formats['iri-reference'] = (value) => {
   if (value && value.startsWith('git+')) {
     value = value.substring(4);
   }
   return validate(value);
};

What's your opinion on this?
Are git+https or git+ssh valid schemes or not?
Can they be supported?

iri format wrongly rejects URL with fragment

See example and fix in the next pull request...

Failing test on Node 10

After merging the smtp-address-parser PR, the tests failed on Node 10.

@gene-hightower Can you please fix this in your module? Otherwise, I'm going to revert the changes. Sorry I should have setup the GH action to run the tests BEFORE I merged the PR...

iri-reference should not check for URI schemes

The IETF specification does not specify that the URI scheme in an iri should be checked. After quickly checking with the JSON Schema community, this seems to be a bug. Why was this implemented explicitly and can it be simply removed?

"validate" is not defined in iri-refernces.js

The function validate is not defined in iri-references.js

ajv-formats-draft2019/formats/iri-reference.js

Line 7 in 2344389

if (iri.scheme === 'mailto' && iri.to.every(validate)) {

This causes a problem when a mailto:-iri is being validated

同学，您这个项目引入了94个开源组件，存在1个漏洞，辛苦升级一下

检测到 luzlab/ajv-formats-draft2019 一共引入了94个开源组件，存在1个漏洞

漏洞标题：ansi-regex 安全漏洞
缺陷组件：[email protected]
漏洞编号：CVE-2021-3807
漏洞描述：Ansi-Regex是用于匹配ANSI 转义码的正则表达式。
ansi-regex 存在安全漏洞，该漏洞源于易受低效正则表达式复杂性的影响。
影响范围：(2.1.1, 5.0.1)
最小修复版本：5.0.1
缺陷组件引入路径：[email protected]>[email protected]>[email protected]>[email protected]>[email protected]>[email protected]
[email protected]>[email protected]>[email protected]>[email protected]>[email protected]>[email protected]
[email protected]>[email protected]>[email protected]>[email protected]>[email protected]>[email protected]

另外还有几个漏洞，详细报告：https://mofeisec.com/jr?p=i0adfd

S3 and other IRI

I have a valid S3 bucket URI: s3://cbers-pds/CBERS4/MUX/177/106/CBERS_4_MUX_20181029_177_106_L4/CBERS_4_MUX_20181029_177_106_L4_BAND5.tif

Unfortunately, it is rejected by this library.

I guess it's due to the fact that schemes on npm is outdated. Is there a way to disabled the schemes check?