Added more upgrades to schema data validation

daveshanley · daveshanley · commit 6daac1b8e324 · 2023-07-20T15:20:28.000-04:00
Signed-off-by: Dave Shanley &lt;dave@quobix.com&gt;
diff --git a/requests/validate_request.go b/requests/validate_request.go
@@ -98,8 +98,18 @@ func ValidateRequestSchema(
 				}
 				// if we have a location within the schema, add it to the error
 				if located != nil {
+
+					line := located.Line
+					// if the located node is a map or an array, then the actual human interpretable
+					// line on which the violation occurred is the line of the key, not the value.
+					if located.Kind == yaml.MappingNode || located.Kind == yaml.SequenceNode {
+						if line > 0 {
+							line--
+						}
+					}
+
 					// location of the violation within the rendered schema.
-					violation.Line = located.Line
+					violation.Line = line
 					violation.Column = located.Column
 				}
 				schemaValidationErrors = append(schemaValidationErrors, violation)
diff --git a/responses/validate_response.go b/responses/validate_response.go
@@ -4,21 +4,21 @@
 package responses
 
 import (
-	"bytes"
-	"encoding/json"
-	"fmt"
-	"github.com/pb33f/libopenapi-validator/errors"
-	"github.com/pb33f/libopenapi-validator/helpers"
-	"github.com/pb33f/libopenapi-validator/schema_validation"
-	"github.com/pb33f/libopenapi/datamodel/high/base"
-	"github.com/santhosh-tekuri/jsonschema/v5"
-	"gopkg.in/yaml.v3"
-	"io"
-	"net/http"
-	"reflect"
-	"regexp"
-	"strconv"
-	"strings"
+    "bytes"
+    "encoding/json"
+    "fmt"
+    "github.com/pb33f/libopenapi-validator/errors"
+    "github.com/pb33f/libopenapi-validator/helpers"
+    "github.com/pb33f/libopenapi-validator/schema_validation"
+    "github.com/pb33f/libopenapi/datamodel/high/base"
+    "github.com/santhosh-tekuri/jsonschema/v5"
+    "gopkg.in/yaml.v3"
+    "io"
+    "net/http"
+    "reflect"
+    "regexp"
+    "strconv"
+    "strings"
 )
 
 var instanceLocationRegex = regexp.MustCompile(`^/(\d+)`)
@@ -29,107 +29,117 @@ var instanceLocationRegex = regexp.MustCompile(`^/(\d+)`)
 //
 // This function is used by the ValidateResponseBody function, but can be used independently.
 func ValidateResponseSchema(
-	request *http.Request,
-	response *http.Response,
-	schema *base.Schema,
-	renderedSchema,
-	jsonSchema []byte) (bool, []*errors.ValidationError) {
-
-	var validationErrors []*errors.ValidationError
-
-	responseBody, _ := io.ReadAll(response.Body)
-
-	// close the request body, so it can be re-read later by another player in the chain
-	_ = response.Body.Close()
-	response.Body = io.NopCloser(bytes.NewBuffer(responseBody))
-
-	var decodedObj interface{}
-	_ = json.Unmarshal(responseBody, &decodedObj)
-
-	// no response body? failed to decode anything? nothing to do here.
-	if responseBody == nil || decodedObj == nil {
-		return true, nil
-	}
-
-	// create a new jsonschema compiler and add in the rendered JSON schema.
-	compiler := jsonschema.NewCompiler()
-	fName := fmt.Sprintf("%s.json", helpers.ResponseBodyValidation)
-	_ = compiler.AddResource(fName,
-		strings.NewReader(string(jsonSchema)))
-	jsch, _ := compiler.Compile(fName)
-
-	// validate the object against the schema
-	scErrs := jsch.Validate(decodedObj)
-	if scErrs != nil {
-		jk := scErrs.(*jsonschema.ValidationError)
-
-		// flatten the validationErrors
-		schFlatErrs := jk.BasicOutput().Errors
-		var schemaValidationErrors []*errors.SchemaValidationFailure
-		for q := range schFlatErrs {
-			er := schFlatErrs[q]
-			if er.KeywordLocation == "" || strings.HasPrefix(er.Error, "doesn't validate with") {
-				continue // ignore this error, it's useless tbh, utter noise.
-			}
-			if er.Error != "" {
-
-				// re-encode the schema.
-				var renderedNode yaml.Node
-				_ = yaml.Unmarshal(renderedSchema, &renderedNode)
-
-				// locate the violated property in the schema
-				located := schema_validation.LocateSchemaPropertyNodeByJSONPath(renderedNode.Content[0], er.KeywordLocation)
-
-				// extract the element specified by the instance
-				val := instanceLocationRegex.FindStringSubmatch(er.InstanceLocation)
-				var referenceObject string
-
-				if len(val) > 0 {
-					referenceIndex, _ := strconv.Atoi(val[1])
-					if reflect.ValueOf(decodedObj).Type().Kind() == reflect.Slice {
-						found := decodedObj.([]any)[referenceIndex]
-						recoded, _ := json.MarshalIndent(found, "", "  ")
-						referenceObject = string(recoded)
-					}
-				}
-				if referenceObject == "" {
-					referenceObject = string(responseBody)
-				}
-
-				violation := &errors.SchemaValidationFailure{
-					Reason:          er.Error,
-					Location:        er.KeywordLocation,
-					ReferenceSchema: string(renderedSchema),
-					ReferenceObject: referenceObject,
-					OriginalError:   jk,
-				}
-				// if we have a location within the schema, add it to the error
-				if located != nil {
-					// location of the violation within the rendered schema.
-					violation.Line = located.Line
-					violation.Column = located.Column
-				}
-				schemaValidationErrors = append(schemaValidationErrors, violation)
-			}
-		}
-
-		// add the error to the list
-		validationErrors = append(validationErrors, &errors.ValidationError{
-			ValidationType:    helpers.ResponseBodyValidation,
-			ValidationSubType: helpers.Schema,
-			Message: fmt.Sprintf("%d response body for '%s' failed to validate schema",
-				response.StatusCode, request.URL.Path),
-			Reason: fmt.Sprintf("The response body for status code '%d' is defined as an object. "+
-				"However, it does not meet the schema requirements of the specification", response.StatusCode),
-			SpecLine:               schema.GoLow().Type.KeyNode.Line,
-			SpecCol:                schema.GoLow().Type.KeyNode.Column,
-			SchemaValidationErrors: schemaValidationErrors,
-			HowToFix:               errors.HowToFixInvalidSchema,
-			Context:                string(renderedSchema), // attach the rendered schema to the error
-		})
-	}
-	if len(validationErrors) > 0 {
-		return false, validationErrors
-	}
-	return true, nil
+    request *http.Request,
+    response *http.Response,
+    schema *base.Schema,
+    renderedSchema,
+    jsonSchema []byte) (bool, []*errors.ValidationError) {
+
+    var validationErrors []*errors.ValidationError
+
+    responseBody, _ := io.ReadAll(response.Body)
+
+    // close the request body, so it can be re-read later by another player in the chain
+    _ = response.Body.Close()
+    response.Body = io.NopCloser(bytes.NewBuffer(responseBody))
+
+    var decodedObj interface{}
+    _ = json.Unmarshal(responseBody, &decodedObj)
+
+    // no response body? failed to decode anything? nothing to do here.
+    if responseBody == nil || decodedObj == nil {
+        return true, nil
+    }
+
+    // create a new jsonschema compiler and add in the rendered JSON schema.
+    compiler := jsonschema.NewCompiler()
+    fName := fmt.Sprintf("%s.json", helpers.ResponseBodyValidation)
+    _ = compiler.AddResource(fName,
+        strings.NewReader(string(jsonSchema)))
+    jsch, _ := compiler.Compile(fName)
+
+    // validate the object against the schema
+    scErrs := jsch.Validate(decodedObj)
+    if scErrs != nil {
+        jk := scErrs.(*jsonschema.ValidationError)
+
+        // flatten the validationErrors
+        schFlatErrs := jk.BasicOutput().Errors
+        var schemaValidationErrors []*errors.SchemaValidationFailure
+        for q := range schFlatErrs {
+            er := schFlatErrs[q]
+            if er.KeywordLocation == "" || strings.HasPrefix(er.Error, "doesn't validate with") {
+                continue // ignore this error, it's useless tbh, utter noise.
+            }
+            if er.Error != "" {
+
+                // re-encode the schema.
+                var renderedNode yaml.Node
+                _ = yaml.Unmarshal(renderedSchema, &renderedNode)
+
+                // locate the violated property in the schema
+                located := schema_validation.LocateSchemaPropertyNodeByJSONPath(renderedNode.Content[0], er.KeywordLocation)
+
+                // extract the element specified by the instance
+                val := instanceLocationRegex.FindStringSubmatch(er.InstanceLocation)
+                var referenceObject string
+
+                if len(val) > 0 {
+                    referenceIndex, _ := strconv.Atoi(val[1])
+                    if reflect.ValueOf(decodedObj).Type().Kind() == reflect.Slice {
+                        found := decodedObj.([]any)[referenceIndex]
+                        recoded, _ := json.MarshalIndent(found, "", "  ")
+                        referenceObject = string(recoded)
+                    }
+                }
+                if referenceObject == "" {
+                    referenceObject = string(responseBody)
+                }
+
+                violation := &errors.SchemaValidationFailure{
+                    Reason:          er.Error,
+                    Location:        er.KeywordLocation,
+                    ReferenceSchema: string(renderedSchema),
+                    ReferenceObject: referenceObject,
+                    OriginalError:   jk,
+                }
+                // if we have a location within the schema, add it to the error
+                if located != nil {
+
+                    line := located.Line
+                    // if the located node is a map or an array, then the actual human interpretable
+                    // line on which the violation occurred is the line of the key, not the value.
+                    if located.Kind == yaml.MappingNode || located.Kind == yaml.SequenceNode {
+                        if line > 0 {
+                            line--
+                        }
+                    }
+
+                    // location of the violation within the rendered schema.
+                    violation.Line = line
+                    violation.Column = located.Column
+                }
+                schemaValidationErrors = append(schemaValidationErrors, violation)
+            }
+        }
+
+        // add the error to the list
+        validationErrors = append(validationErrors, &errors.ValidationError{
+            ValidationType:    helpers.ResponseBodyValidation,
+            ValidationSubType: helpers.Schema,
+            Message: fmt.Sprintf("%d response body for '%s' failed to validate schema",
+                response.StatusCode, request.URL.Path),
+            Reason: fmt.Sprintf("The response body for status code '%d' is defined as an object. "+
+                "However, it does not meet the schema requirements of the specification", response.StatusCode),
+            SpecLine:               schema.GoLow().Type.KeyNode.Line,
+            SpecCol:                schema.GoLow().Type.KeyNode.Column,
+            SchemaValidationErrors: schemaValidationErrors,
+            HowToFix:               errors.HowToFixInvalidSchema,
+            Context:                string(renderedSchema), // attach the rendered schema to the error
+        })
+    }
+    if len(validationErrors) > 0 {
+        return false, validationErrors
+    }
+    return true, nil
 }
diff --git a/schema_validation/validate_document.go b/schema_validation/validate_document.go
@@ -10,6 +10,7 @@ import (
 	"github.com/pb33f/libopenapi-validator/helpers"
 	"github.com/santhosh-tekuri/jsonschema/v5"
 	_ "github.com/santhosh-tekuri/jsonschema/v5/httploader"
+	"gopkg.in/yaml.v3"
 	"strings"
 )
 
@@ -45,7 +46,6 @@ func ValidateOpenAPIDocument(doc libopenapi.Document) (bool, []*errors.Validatio
 				if er.Error != "" {
 
 					// locate the violated property in the schema
-
 					located := LocateSchemaPropertyNodeByJSONPath(info.RootNode.Content[0], er.KeywordLocation)
 					if located == nil {
 						// try again with the instance location
@@ -58,10 +58,20 @@ func ValidateOpenAPIDocument(doc libopenapi.Document) (bool, []*errors.Validatio
 						AbsoluteLocation: er.AbsoluteKeywordLocation,
 						OriginalError:    jk,
 					}
+
 					// if we have a location within the schema, add it to the error
 					if located != nil {
+						line := located.Line
+						// if the located node is a map or an array, then the actual human interpretable
+						// line on which the violation occurred is the line of the key, not the value.
+						if located.Kind == yaml.MappingNode || located.Kind == yaml.SequenceNode {
+							if line > 0 {
+								line--
+							}
+						}
+
 						// location of the violation within the rendered schema.
-						violation.Line = located.Line
+						violation.Line = line
 						violation.Column = located.Column
 					}
 					schemaValidationErrors = append(schemaValidationErrors, violation)
