Project

muskox

0.0
No commit activity in last 3 years
No release in over 3 years
muskoxbaroquebobcat/muskoxHomepageDocumentationSource CodeBug TrackerWiki
A JSON-Schema based Parser-Generator
2005
2006
2007
2008
2009
2010
2011
2012
2013
2014
2015
2016
2017
2018
2019
2020
2021
2022
2023
2024
2025
2026
 Popularity
Downloads
4,260
Stars
11
Forks
1
Watchers
2
 Releases
Current version
0.0.1
Total releases
1
First release
2013-08-07
Latest release
2013-08-07
 Development
Primary Language
JavaScript
Licenses
MIT
Average date of last 50 commits
2013-09-21
Reverse Dependencies
0

 Dependencies

Development

bundler
~> 1.3
rake
>= 0
 Project Readme

Muskox

A JSON Parser-Generator that takes a json-schema and converts it into a parser.

It supports a subset of json-schema, and changes some of the default assumptions of the spec to be stricter--eg it effectively sets the additionalProperties field to false by not allowing unspecified fields. It also doesn't allow patternProperties, or enum. It definitely doesn't follow the Hyper-Schema stuff. If you want to use a portion of someone elses' schema, you'll need to drop it into yours directly.

Why?

Using a parser to handle inputs makes your app safe from attacks that rely on passing disallowed params, because disallowed params will either be ignored or rejected.

Be definite about what you accept.(*)

Treat inputs as a language, accept it with a matching computational power, generate its recognizer from its grammar.

Treat input-handling computational power as privilege, and reduce it whenever possible.

http://www.cs.dartmouth.edu/~sergey/langsec/postel-principle-patch.txt

Installation

Add this line to your application's Gemfile:

gem 'muskox'

And then execute:

$ bundle

Or install it yourself as:

$ gem install muskox

Usage

    # to generate a parser, call generate w/ a JSON-Schema
    parser = Muskox.generate({
        "title" => "Schema",
        "type" => "object",
        "properties" => {
          "number" => {
            "type" => "integer"
          }
        },
        "required" => ["number"]
      })

    # then call parse with the string you want to have parsed
    n = parser.parse "{\"number\": 1}"
    # => {"number" => 1}
    
    # invalid types are disallowed
    parser.parse "{\"number\": true}" rescue puts $!

TODOs

  • performance improvements/testing
    • Ruby is slow & the lexer uses Regex. We should do something better
    • for JRuby: Jackson has a streaming interface that looks interesting
  • fuzz testing
    • needs more tests that try to break it
  • better JSON-schema support
    • maybe instead of reassuming the default for additionalProperties, we should validate schemas and say "Muskox requires additionalProperties: false"
  • more information on errors
  • add option to ignore additional properties (not particularly safe...)

Contributing

  1. Fork it
  2. Create your feature branch (git checkout -b my-new-feature)
  3. Commit your changes (git commit -am 'Add some feature')
  4. Push to the branch (git push origin my-new-feature)
  5. Create new Pull Request