Add JSON schema for Package and Vulnerability metadata

keshav-space · keshav-space · commit 4d5046fe6b10 · 2024-07-10T13:48:06.000+05:30
Signed-off-by: Keshav Priyadarshi &lt;git@keshav.space&gt;
diff --git a/fedcode/management/commands/gen-schema.py b/fedcode/management/commands/gen-schema.py
@@ -0,0 +1,55 @@
+#
+# Copyright (c) nexB Inc. and others. All rights reserved.
+# VulnerableCode is a trademark of nexB Inc.
+# SPDX-License-Identifier: Apache-2.0
+# See http://www.apache.org/licenses/LICENSE-2.0 for the license text.
+# See https://github.com/nexB/vulnerablecode for support or download.
+# See https://aboutcode.org for more information about nexB OSS projects.
+#
+
+import json
+
+from django.core.management.base import BaseCommand
+from pydantic.json_schema import GenerateJsonSchema
+
+from fedcode import schemas
+
+
+class GenerateFederatedCodeJsonSchema(GenerateJsonSchema):
+    def generate(self, schema, mode="validation"):
+        json_schema = super().generate(schema, mode=mode)
+        json_schema["$schema"] = self.schema_dialect
+        return json_schema
+
+
+def get_ordered_schema(schema, schema_path):
+    schema["$id"] = f"https://raw.githubusercontent.com/nexB/federatedcode/main/{schema_path}"
+    desired_order = [
+        "$schema",
+        "$id",
+        "title",
+        "type",
+    ]
+
+    ordered_schema = {key: schema[key] for key in desired_order}
+    ordered_schema.update({key: schema[key] for key in schema if key not in desired_order})
+    return ordered_schema
+
+
+def gen_schema(model_schema, path):
+    schema = model_schema.model_json_schema(schema_generator=GenerateFederatedCodeJsonSchema)
+    ordered_schema = get_ordered_schema(schema=schema, schema_path=path)
+    with open(path, "w", encoding="utf-8") as f:
+        json.dump(ordered_schema, f, indent=2)
+
+
+class Command(BaseCommand):
+    def handle(self, *args, **options):
+        gen_schema(
+            model_schema=schemas.Vulnerability,
+            path="schemas/vulnerability.schema.json",
+        )
+        gen_schema(
+            model_schema=schemas.Package,
+            path="schemas/package.schema.json",
+        )
diff --git a/fedcode/schemas.py b/fedcode/schemas.py
@@ -0,0 +1,51 @@
+#
+# Copyright (c) nexB Inc. and others. All rights reserved.
+# VulnerableCode is a trademark of nexB Inc.
+# SPDX-License-Identifier: Apache-2.0
+# See http://www.apache.org/licenses/LICENSE-2.0 for the license text.
+# See https://github.com/nexB/vulnerablecode for support or download.
+# See https://aboutcode.org for more information about nexB OSS projects.
+#
+
+from djantic import ModelSchema
+from pydantic import ConfigDict
+from typing import List
+
+from fedcode import models
+
+
+class RemoteActor(ModelSchema):
+    model_config = ConfigDict(model=models.RemoteActor, exclude=["service", "package", "person"])
+
+
+class Repository(ModelSchema):
+    model_config = ConfigDict(
+        model=models.Repository,
+        exclude=["id", "vulnerability_set", "review_set", "syncrequest_set", "admin"],
+    )
+
+
+class Vulnerability(ModelSchema):
+    repo: Repository
+    model_config = ConfigDict(model=models.Vulnerability, exclude=["id"])
+
+
+class Reputation(ModelSchema):
+    model_config = ConfigDict(model=models.Reputation, exclude=["object_id" , "id"])
+
+
+class Note(ModelSchema):
+    reputation: List[Reputation]
+    reply_to: "Note"
+    model_config = ConfigDict(
+        model=models.Note, exclude=["id", "replies", "package_set", "person_set", "review_set"]
+    )
+
+
+Note.model_rebuild()
+
+
+class Package(ModelSchema):
+    remote_actor: RemoteActor
+    notes: List[Note]
+    model_config = ConfigDict(model=models.Package, exclude=["id", "follow_set", "service"])
diff --git a/requirements.txt b/requirements.txt
@@ -19,6 +19,7 @@ django-environ==0.11.2
 django-oauth-toolkit==2.3.0
 django-rest-framework==0.1.0
 djangorestframework==3.14.0
+djantic2==1.0.3
 docutils==0.20.1
 et-xmlfile==1.1.0
 exceptiongroup==1.1.1
@@ -63,6 +64,7 @@ psycopg-binary==3.1.16
 psycopg2-binary==2.9.9
 pycodestyle==2.11.1
 pycparser==2.21
+pydantic==2.8.2
 Pygments==2.17.2
 pytest==7.3.2
 pytest-django==4.5.2
diff --git a/schemas/package.schema.json b/schemas/package.schema.json
@@ -0,0 +1,184 @@
+{
+  "$schema": "https://json-schema.org/draft/2020-12/schema",
+  "$id": "https://raw.githubusercontent.com/nexB/federatedcode/main/schemas/package.schema.json",
+  "title": "Package",
+  "type": "object",
+  "$defs": {
+    "Note": {
+      "description": "A Note is a message send by a Person or Package.\nThe content is either a plain text message or structured YAML.\nIf the author is a Package actor then the content is always YAML\nIf the author is a Person actor then the content is always plain text\nhttps://www.w3.org/TR/activitystreams-vocabulary/#dfn-note",
+      "properties": {
+        "acct": {
+          "description": "acct",
+          "maxLength": 200,
+          "title": "Acct",
+          "type": "string"
+        },
+        "content": {
+          "description": "content",
+          "title": "Content",
+          "type": "string"
+        },
+        "reply_to": {
+          "$ref": "#/$defs/Note"
+        },
+        "mediaType": {
+          "default": "text/plain",
+          "description": "mediaType",
+          "maxLength": 20,
+          "title": "Mediatype",
+          "type": "string"
+        },
+        "created_at": {
+          "description": "A field to track when notes are created",
+          "format": "date-time",
+          "title": "Created At",
+          "type": "string"
+        },
+        "updated_at": {
+          "description": "A field to track when notes are updated",
+          "format": "date-time",
+          "title": "Updated At",
+          "type": "string"
+        },
+        "reputation": {
+          "items": {
+            "$ref": "#/$defs/Reputation"
+          },
+          "title": "Reputation",
+          "type": "array"
+        }
+      },
+      "required": [
+        "acct",
+        "content",
+        "reply_to",
+        "created_at",
+        "updated_at",
+        "reputation"
+      ],
+      "title": "Note",
+      "type": "object"
+    },
+    "RemoteActor": {
+      "description": "RemoteActor(url, username, created_at, updated_at)",
+      "properties": {
+        "url": {
+          "anyOf": [
+            {
+              "maxLength": 200,
+              "type": "string"
+            },
+            {
+              "type": "null"
+            }
+          ],
+          "default": null,
+          "description": "url",
+          "title": "Url"
+        },
+        "username": {
+          "description": "username",
+          "maxLength": 100,
+          "title": "Username",
+          "type": "string"
+        },
+        "created_at": {
+          "description": "A field to track when remote actor are created",
+          "format": "date-time",
+          "title": "Created At",
+          "type": "string"
+        },
+        "updated_at": {
+          "description": "A field to track when remote actor are updated",
+          "format": "date-time",
+          "title": "Updated At",
+          "type": "string"
+        }
+      },
+      "required": [
+        "username",
+        "created_at",
+        "updated_at"
+      ],
+      "title": "RemoteActor",
+      "type": "object"
+    },
+    "Reputation": {
+      "description": "https://www.w3.org/TR/activitystreams-vocabulary/#dfn-like\nhttps://www.w3.org/ns/activitystreams#Dislike",
+      "properties": {
+        "voter": {
+          "description": "security@vcio",
+          "maxLength": 100,
+          "title": "Voter",
+          "type": "string"
+        },
+        "positive": {
+          "default": true,
+          "description": "positive",
+          "title": "Positive",
+          "type": "boolean"
+        },
+        "content_type": {
+          "description": "id",
+          "title": "Content Type",
+          "type": "integer"
+        },
+        "content_object": {
+          "description": "content_object",
+          "title": "Content Object",
+          "type": "integer"
+        }
+      },
+      "required": [
+        "voter",
+        "content_type",
+        "content_object"
+      ],
+      "title": "Reputation",
+      "type": "object"
+    }
+  },
+  "description": "A software package identified by its package url ( PURL ) ignoring versions",
+  "properties": {
+    "summary": {
+      "description": "profile summary",
+      "maxLength": 100,
+      "title": "Summary",
+      "type": "string"
+    },
+    "public_key": {
+      "description": "public_key",
+      "title": "Public Key",
+      "type": "string"
+    },
+    "local": {
+      "default": true,
+      "description": "local",
+      "title": "Local",
+      "type": "boolean"
+    },
+    "remote_actor": {
+      "$ref": "#/$defs/RemoteActor"
+    },
+    "purl": {
+      "description": "PURL (no version) ex: @pkg:maven/org.apache.logging",
+      "maxLength": 300,
+      "title": "Purl",
+      "type": "string"
+    },
+    "notes": {
+      "items": {
+        "$ref": "#/$defs/Note"
+      },
+      "title": "Notes",
+      "type": "array"
+    }
+  },
+  "required": [
+    "summary",
+    "public_key",
+    "remote_actor",
+    "purl",
+    "notes"
+  ]
+}
diff --git a/schemas/vulnerability.schema.json b/schemas/vulnerability.schema.json
diff --git a/setup.cfg b/setup.cfg
