Return line that fail validate #221

Closed
DavidLambertCyber opened this issue Mar 21, 2022 · 3 comments

DavidLambertCyber commented Mar 21, 2022

Requesting enhancement to return the line/s that failed validation for json/xml.

```
->$ cyclonedx-cli validate --input-file ./badType_log4j_2.17.2_cyclonedx_1.3_sbom.json
Unable to validate against any JSON schemas.
BOM is not valid.
```

  • to something like this, whatever makes sense and what is available,

```
->$ cyclonedx-cli validate --input-file ./badType_log4j_2.17.2_cyclonedx_1.3_sbom.json
Unable to validate against any JSON schemas.
Schema Error | line 25671 | "ref" : true,
BOM is not valid.
JSON Error | line 5 | "version" : 1,{
```

  • If you get this far, output as JSON would be awesome!

coderpatros added the enhancement label Mar 22, 2022

andreas-hilti commented Apr 9, 2023

@DavidLambertCyber I noticed that if you explicitly specify the CycloneDX schema version (i.e. use the --input-version argument), you get more detailed error messages. In your case:

```
cyclonedx-win-x64.exe validate --input-file badType_log4j_2.17.2_cyclonedx_1.3_sbom.json --input-version v1_3
Validating JSON BOM...
'{' is an invalid start of a property name. Expected a '"'. LineNumber: 4 | BytePositionInLine: 16.
BOM is not valid.
```

Probably one would need to first figure out the schema version and not just try to validate against all versions:

```csharp
else if (options.InputFormat == ValidationBomFormat.json)
{
    validationResult = Json.Validator.Validate(inputBom, SpecificationVersion.v1_4);
    if (!validationResult.Valid)
    {
        validationResult = Json.Validator.Validate(inputBom, SpecificationVersion.v1_3);
    }
    if (!validationResult.Valid)
    {
        validationResult = Json.Validator.Validate(inputBom, SpecificationVersion.v1_2);
    }
    if (!validationResult.Valid)
    {
        validationResult.Messages = new List<string>
        {
            "Unable to validate against any JSON schemas."
        };
    }
}
```

andreas-hilti commented

In addition, here one should also return the result.InstanceLocation, not only the result.SchemaLocation:
https://github.com/CycloneDX/cyclonedx-dotnet-library/blob/18c00b708834215484d43ffcf393889764dbdb69/src/CycloneDX.Core/Json/Validator.cs#L141-L142
to know on which element the validation failed, for instance not only

```
Validation failed: Value is "boolean" but should be "string"
#/properties/dependencies/items/$ref/properties/ref/type
```

but also include #/dependencies/0/ref in the validation message.
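
The two suggestions above (choose the schema from the BOM's own `specVersion` instead of trying every version, and report the instance location next to the schema location), sketched as an added Python example; it is not cyclonedx-cli or cyclonedx-dotnet-library code. The schema is a constructed, heavily reduced stand-in, and `check`, `validate`, `SCHEMAS` and the sample documents are hypothetical names.

```python
import json

# Constructed, heavily reduced stand-in for the per-version CycloneDX schemas.
# Assumption: only `type`, `properties`, `items` and local `$ref` are modelled.
_DEP = {"type": "object", "properties": {"ref": {"type": "string"}}}
_BOM = {"type": "object", "definitions": {"dependency": _DEP}, "properties": {
    "specVersion": {"type": "string"}, "version": {"type": "integer"},
    "dependencies": {"type": "array", "items": {"$ref": "#/definitions/dependency"}}}}
SCHEMAS = {"1.2": _BOM, "1.3": _BOM, "1.4": _BOM}
JSON_TYPE = {dict: "object", list: "array", str: "string", bool: "boolean",
             int: "integer", float: "number", type(None): "null"}

def check(inst, schema, root, ipath="#", spath="#"):
    """Yield one finding per type mismatch, carrying both JSON pointers."""
    if "$ref" in schema:  # local reference such as "#/definitions/dependency"
        target = root
        for key in schema["$ref"][2:].split("/"):
            target = target[key]
        yield from check(inst, target, root, ipath, spath + "/$ref")
        return
    want, got = schema.get("type"), JSON_TYPE[type(inst)]
    if want and got != want:
        yield {"message": f'Value is "{got}" but should be "{want}"',
               "schemaLocation": spath + "/type", "instanceLocation": ipath}
    elif got == "object":
        for name, sub in schema.get("properties", {}).items():
            if name in inst:
                yield from check(inst[name], sub, root, f"{ipath}/{name}",
                                 f"{spath}/properties/{name}")
    elif got == "array" and "items" in schema:
        for i, item in enumerate(inst):
            yield from check(item, schema["items"], root, f"{ipath}/{i}", f"{spath}/items")

def validate(text):
    """Pick the schema from the BOM's own specVersion; return a JSON-ready report."""
    try:
        bom = json.loads(text)
    except json.JSONDecodeError as e:  # syntax error: report where parsing stopped
        return {"valid": False, "errors": [{"message": e.msg, "line": e.lineno, "column": e.colno}]}
    version = bom.get("specVersion") if isinstance(bom, dict) else None
    if not isinstance(version, str) or version not in SCHEMAS:
        return {"valid": False, "errors": [{"message": f"missing or unsupported specVersion: {version!r}"}]}
    errors = list(check(bom, SCHEMAS[version], SCHEMAS[version]))
    return {"valid": not errors, "specVersion": version, "errors": errors}

# Constructed inputs mirroring the two failures discussed in the thread.
BAD_TYPE = '{"specVersion": "1.3", "version": 1,\n "dependencies": [{"ref": true}]}'
BAD_SYNTAX = '{\n "specVersion": "1.3",\n "version": 1,{\n}'

if __name__ == "__main__":
    for doc in (BAD_TYPE, BAD_SYNTAX):
        print(json.dumps(validate(doc), indent=2))
```

Because the report is a plain dictionary, it serialises directly to JSON for a CI gate or SBOM ingestion pipeline to consume.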

mtsfoni added a commit that referenced this issue Aug 11, 2024
Improve JSON validation, in particular if you don't specify the
specification version.

This helps to address
#221.

On the given example, it will result in:
```
cyclonedx.exe validate --input-file badType_log4j_2.17.2_cyclonedx_1.3_sbom.json
Validation failed: Value is "boolean" but should be "string"
#/properties/dependencies/items/$ref/properties/ref/type
On instance: #/dependencies/0/ref:
True
Unable to validate against any JSON schemas.
BOM is not valid.
```

Signed-off-by: andreas hilti <[email protected]>
Co-authored-by: Michael Tsfoni <[email protected]>

andreas-hilti commented

This should be improved in release 0.26.0.

mtsfoni closed this as completed Aug 17, 2024