From 2a0e87957f3b49eb254523c9be1ce1693349de2a Mon Sep 17 00:00:00 2001
From: Benjamin Neff <benjamin@coding4coffee.ch>
Date: Mon, 27 Jun 2016 03:48:10 +0200
Subject: [PATCH] validate NodeInfo json against schema in ConnectionTester

---
 lib/connection_tester.rb           |  3 +++
 spec/lib/connection_tester_spec.rb | 21 ++++++++++++++++++---
 2 files changed, 21 insertions(+), 3 deletions(-)

diff --git a/lib/connection_tester.rb b/lib/connection_tester.rb
index e226d53fa..c75fdedc2 100644
--- a/lib/connection_tester.rb
+++ b/lib/connection_tester.rb
@@ -129,6 +129,8 @@ class ConnectionTester
       nd_resp = http.get(find_nodeinfo_url(ni_resp.body))
       find_software_version(nd_resp.body)
     end
+  rescue JSON::Schema::ValidationError, JSON::Schema::SchemaError => e
+    raise NodeInfoFailure, "#{e.class}: #{e.message}"
   rescue Faraday::ResourceNotFound, JSON::JSONError => e
     raise NodeInfoFailure, e.message[0..255].encode(Encoding.default_external, undef: :replace)
   rescue StandardError => e
@@ -190,6 +192,7 @@ class ConnectionTester
   # walk the JSON document, find the version string
   def find_software_version(body)
     info = JSON.parse(body)
+    JSON::Validator.validate!(NodeInfo.schema("1.0"), info)
     sw = info.fetch("software")
     @result.software_version = "#{sw.fetch('name')} #{sw.fetch('version')}"
   end
diff --git a/spec/lib/connection_tester_spec.rb b/spec/lib/connection_tester_spec.rb
index f6cce045b..e3a0b92a0 100644
--- a/spec/lib/connection_tester_spec.rb
+++ b/spec/lib/connection_tester_spec.rb
@@ -113,13 +113,21 @@ describe ConnectionTester do
   end
 
   describe "#nodeinfo" do
+    let(:ni_wellknown) { {links: [{rel: ConnectionTester::NODEINFO_SCHEMA, href: "/nodeinfo"}]} }
+
     it "reads the version from the nodeinfo document" do
-      ni_wellknown = {links: [{rel: ConnectionTester::NODEINFO_SCHEMA, href: "/nodeinfo"}]}
-      ni_document = {software: {name: "diaspora", version: "a.b.c.d"}}
+      ni_document = NodeInfo.build do |doc|
+        doc.version = "1.0"
+        doc.open_registrations = true
+        doc.protocols.inbound << "diaspora"
+        doc.protocols.outbound << "diaspora"
+        doc.software.name = "diaspora"
+        doc.software.version = "a.b.c.d"
+      end
 
       stub_request(:get, "#{url}#{ConnectionTester::NODEINFO_FRAGMENT}")
         .to_return(status: 200, body: JSON.generate(ni_wellknown))
-      stub_request(:get, "#{url}/nodeinfo").to_return(status: 200, body: JSON.generate(ni_document))
+      stub_request(:get, "#{url}/nodeinfo").to_return(status: 200, body: JSON.generate(ni_document.as_json))
 
       tester.nodeinfo
       expect(result.software_version).to eq("diaspora a.b.c.d")
@@ -136,5 +144,12 @@ describe ConnectionTester do
         .to_return(status: 200, body: '{"json"::::"malformed"}')
       expect { tester.nodeinfo }.to raise_error(ConnectionTester::NodeInfoFailure)
     end
+
+    it "handles a invalid nodeinfo document gracefully" do
+      stub_request(:get, "#{url}#{ConnectionTester::NODEINFO_FRAGMENT}")
+        .to_return(status: 200, body: JSON.generate(ni_wellknown))
+      stub_request(:get, "#{url}/nodeinfo").to_return(status: 200, body: '{"software": "invalid nodeinfo"}')
+      expect { tester.nodeinfo }.to raise_error(ConnectionTester::NodeInfoFailure)
+    end
   end
 end