py: Implement JSON validation in nftables module
authorPhil Sutter <phil@nwl.cc>
Mon, 27 May 2019 11:36:41 +0000 (13:36 +0200)
committerPablo Neira Ayuso <pablo@netfilter.org>
Fri, 31 May 2019 16:17:36 +0000 (18:17 +0200)
Using jsonschema it is possible to validate any JSON input to make sure
it formally conforms with libnftables JSON API requirements.

Implement a simple validator class for use within a new Nftables class
method 'json_validate' and ship a minimal schema definition along with
the package.

Signed-off-by: Phil Sutter <phil@nwl.cc>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
py/Makefile.am
py/nftables.py
py/schema.json [new file with mode: 0644]
py/setup.py

index 0963535d068dc6a19ad71f2d544ec2f1a3952780..9fce7c9e54c380744aaffff5792873a90961e443 100644 (file)
@@ -1,4 +1,4 @@
-EXTRA_DIST = setup.py __init__.py nftables.py
+EXTRA_DIST = setup.py __init__.py nftables.py schema.json
 
 if HAVE_PYTHON
 
index 33cd2dfd736d49da7667588e1917d84d38dbc7de..81e57567c8024ea43521833e5d284bd253a99187 100644 (file)
 import json
 from ctypes import *
 import sys
+import os
 
 NFTABLES_VERSION = "0.1"
 
+class SchemaValidator:
+    """Libnftables JSON validator using jsonschema"""
+
+    def __init__(self):
+        schema_path = os.path.join(os.path.dirname(__file__), "schema.json")
+        with open(schema_path, 'r') as schema_file:
+            self.schema = json.load(schema_file)
+        import jsonschema
+        self.jsonschema = jsonschema
+
+    def validate(self, json):
+        self.jsonschema.validate(instance=json, schema=self.schema)
+
 class Nftables:
     """A class representing libnftables interface"""
 
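Review bot: The parameter of `SchemaValidator.validate` is named `json`, which shadows the `json` module imported at the top of the file for the whole method body. It is harmless today because the method only forwards the value, but any later use of `json.loads` or `json.dumps` inside it would hit the argument instead of the module; `def validate(self, json_root):` with `self.jsonschema.validate(instance=json_root, schema=self.schema)` avoids that. The class docstring should also say that the constructor imports jsonschema lazily and reads `schema.json` from the package directory, so it can raise ImportError or OSError on first use. Passing an explicit `encoding="utf-8"` to `open()` would keep the schema load independent of the process locale.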
@@ -46,6 +60,8 @@ class Nftables:
         "numeric_symbol": (1 << 9),
     }
 
+    validator = None
+
     def __init__(self, sofile="libnftables.so"):
         """Instantiate a new Nftables class object.
 
@@ -382,3 +398,16 @@ class Nftables:
         if len(output):
             output = json.loads(output)
         return (rc, output, error)
+
+    def json_validate(self, json_root):
+        """Validate JSON object against libnftables schema.
+
+        Accepts a hash object as input.
+
+        Returns True if JSON is valid, raises an exception otherwise.
+        """
+        if not self.validator:
+            self.validator = SchemaValidator()
+
+        self.validator.validate(json_root)
+        return True
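Review bot: The docstring of `json_validate` promises more than the check delivers. With the schema shipped in this commit, a True result only means the root is an object holding an `nftables` array of objects, not that the individual commands are well-formed. The docstring also does not name what is raised, so I would add something like `Only the top-level structure is checked; raises jsonschema.ValidationError on mismatch and ImportError if jsonschema is not installed.` Nothing visible in this hunk wires the check into the command path, so validation stays opt-in. Callers handling rulesets from untrusted sources should not treat it as sufficient input validation. `if not self.validator:` would read more precisely as `if self.validator is None:`.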
diff --git a/py/schema.json b/py/schema.json
new file mode 100644 (file)
index 0000000..460e215
--- /dev/null
@@ -0,0 +1,16 @@
+{
+       "$schema": "http://json-schema.org/schema#",
+       "description": "libnftables JSON API schema",
+
+       "type": "object",
+        "properties": {
+               "nftables": {
+                       "type": "array",
+                       "minitems": 0,
+                       "items": {
+                               "type": "object"
+                       }
+               }
+       },
+       "required": [ "nftables" ]
+}
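Review bot: The keyword `"minitems"` in the `nftables` property is not a JSON Schema keyword. The spelling is `minItems`, and keywords are case-sensitive, so validators ignore this line. With a value of 0 the result is the same either way, but the line suggests a constraint that is never enforced and would stay dead if someone later raised the number; use `"minItems": 0` or drop it. Note also that `"items": {"type": "object"}` accepts any object, so this schema constrains only the outer envelope. A short `description` saying that per-command validation is not covered would keep users from over-trusting it.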
index ef143c42a21b03006eef9d1eb4ba95a1bdbb6201..72fc8fd98b2691609d503a0fa1469688bf566b20 100755 (executable)
@@ -11,6 +11,7 @@ setup(name='nftables',
       packages=['nftables'],
       provides=['nftables'],
       package_dir={'nftables':'.'},
+      package_data={'nftables':['schema.json']},
       classifiers=[
           'Development Status :: 4 - Beta',
           'Environment :: Console',