From: Phil Sutter <phil@nwl.cc>
To: Pablo Neira Ayuso <pablo@netfilter.org>
Cc: Eric Garver <e@erig.me>, netfilter-devel@vger.kernel.org
Subject: [nft PATCH 1/2] py: Implement JSON validation in nftables module
Date: Fri, 17 May 2019 13:09:30 +0200
Message-ID: <20190517110931.14068-2-phil@nwl.cc>
In-Reply-To: <20190517110931.14068-1-phil@nwl.cc>
Using jsonschema it is possible to validate any JSON input to make sure
it formally conforms with libnftables JSON API requirements.
Implement a simple validator class for use within a new Nftables class
method 'json_validate' and ship a minimal schema definition along with
the package.
Signed-off-by: Phil Sutter <phil@nwl.cc>
---
py/Makefile.am | 2 +-
py/nftables.py | 30 ++++++++++++++++++++++++++++++
py/schema.json | 17 +++++++++++++++++
py/setup.py | 1 +
4 files changed, 49 insertions(+), 1 deletion(-)
create mode 100644 py/schema.json
diff --git a/py/Makefile.am b/py/Makefile.am
index 0963535d068dc..9fce7c9e54c38 100644
--- a/py/Makefile.am
+++ b/py/Makefile.am
@@ -1,4 +1,4 @@
-EXTRA_DIST = setup.py __init__.py nftables.py
+EXTRA_DIST = setup.py __init__.py nftables.py schema.json
if HAVE_PYTHON
diff --git a/py/nftables.py b/py/nftables.py
index 33cd2dfd736d4..db0f502b2951f 100644
--- a/py/nftables.py
+++ b/py/nftables.py
@@ -17,9 +17,24 @@
import json
from ctypes import *
import sys
+import os
NFTABLES_VERSION = "0.1"
+class SchemaValidator:
+ """Libnftables JSON validator using jsonschema"""
+
+ def __init__(self):
+ schema_path = os.path.join(os.path.dirname(__file__), "schema.json")
+ schema_file = file(schema_path)
+ self.schema = json.load(schema_file)
+ schema_file.close()
+ import jsonschema
+ self.jsonschema = jsonschema
+
+ def validate(self, json):
+ self.jsonschema.validate(instance=json, schema=self.schema)
+
class Nftables:
"""A class representing libnftables interface"""
@@ -46,6 +61,8 @@ class Nftables:
"numeric_symbol": (1 << 9),
}
+ validator = None
+
def __init__(self, sofile="libnftables.so"):
"""Instantiate a new Nftables class object.
@@ -382,3 +399,16 @@ class Nftables:
if len(output):
output = json.loads(output)
return (rc, output, error)
+
+ def json_validate(self, json_root):
+ """Validate JSON object against libnftables schema.
+
+ Accepts a hash object as input.
+
+ Returns True if JSON is valid, raises an exception otherwise.
+ """
+ if not self.validator:
+ self.validator = SchemaValidator()
+
+ self.validator.validate(json_root)
+ return True
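Review bot: The json_validate() docstring says it "raises an exception otherwise" without naming one, so callers do not know what to catch. jsonschema.validate() raises jsonschema.ValidationError for a non-conforming instance and jsonschema.SchemaError for a bad schema, and the first call can also fail with ImportError or an I/O error from SchemaValidator(), because that is where jsonschema is imported and schema.json is opened. Please list these in the docstring. Since the method never returns False, the `return True` carries no information beyond "no exception".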
diff --git a/py/schema.json b/py/schema.json
new file mode 100644
index 0000000000000..6cb731a228bf4
--- /dev/null
+++ b/py/schema.json
@@ -0,0 +1,17 @@
+{
+ "$schema": "http://json-schema.org/schema#",
+ "id": "http://netfilter.org/nftables/ruleset-schema.json",
+ "description": "libnftables JSON API schema",
+
+ "type": "object",
+ "properties": {
+ "nftables": {
+ "type": "array",
+ "minitems": 0,
+ "items": {
+ "type": "object"
+ }
+ }
+ },
+ "required": [ "nftables" ]
+}
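Review bot: "minitems" under the "nftables" property is not a JSON Schema keyword; keywords are case-sensitive and the array-length constraint is spelled "minItems". Validators ignore unknown keywords, so this line has no effect, and a minimum of 0 is the default anyway; either drop it or spell it "minItems". Also worth stating in "description": this schema only requires a top-level "nftables" array whose items are objects, so a True from json_validate() says nothing about whether the individual commands inside are well-formed.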
diff --git a/py/setup.py b/py/setup.py
index ef143c42a21b0..72fc8fd98b269 100755
--- a/py/setup.py
+++ b/py/setup.py
@@ -11,6 +11,7 @@ setup(name='nftables',
packages=['nftables'],
provides=['nftables'],
package_dir={'nftables':'.'},
+ package_data={'nftables':['schema.json']},
classifiers=[
'Development Status :: 4 - Beta',
'Environment :: Console',
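Review bot: package_data now ships schema.json, but nothing in the visible setup() arguments declares jsonschema as a dependency. Because nftables.py imports it only inside SchemaValidator.__init__, a missing module surfaces as ImportError at the first json_validate() call rather than at install time. Either declare the dependency in setup.py or document the requirement in the json_validate() docstring.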
--
2.21.0