feat: Add blacklisting of endpoints with invalid media types

- Fixes jsonrainbow#543 and jsonrainbow#540
erayd · Jan 10, 2019 · d9dc83f · d9dc83f
1 parent 8daf5ee
commit d9dc83f
Show file tree

Hide file tree

Showing 2 changed files with 45 additions and 4 deletions.
diff --git a/src/JsonSchema/Uri/UriRetriever.php b/src/JsonSchema/Uri/UriRetriever.php
@@ -32,6 +32,14 @@ class UriRetriever implements BaseUriRetrieverInterface
         '|^https?://json-schema.org/draft-(0[34])/schema#?|' => 'package://dist/schema/json-schema-draft-$1.json'
     );
 
+    /**
+     * @var array A blacklist for media type ceheck exclusion
+     */
+    protected $mediaTypeBlacklist = array(
+        'http://json-schema.org/',
+        'https://json-schema.org/'
+    );
+
     /**
      * @var null|UriRetrieverInterface
      */
@@ -44,6 +52,16 @@ class UriRetriever implements BaseUriRetrieverInterface
      */
     private $schemaCache = array();
 
+    /**
+     * Adds an endpoint to the media type validation blacklist
+     *
+     * @param string $endpoint
+     */
+    public function addBlacklistedEndpoint($endpoint)
+    {
+        $this->mediaTypeBlacklist[] = $endpoint;
+    }
+
     /**
      * Guarantee the correct media type was encountered
      *
@@ -65,9 +83,10 @@ public function confirmMediaType($uriRetriever, $uri)
             return;
         }
 
-        if (substr($uri, 0, 23) == 'http://json-schema.org/') {
-            //HACK; they deliver broken content types
-            return true;
+        for ($i = 0, $iMax = count($this->mediaTypeBlacklist); $i < $iMax; $i++) {
+            if (stripos($uri, $this->mediaTypeBlacklist[$i]) === 0) {
+                return true;
+            }
         }
 
         throw new InvalidSchemaMediaTypeException(sprintf('Media type %s expected', Validator::SCHEMA_MEDIA_TYPE));

diff --git a/tests/Uri/UriRetrieverTest.php b/tests/Uri/UriRetrieverTest.php
@@ -330,7 +330,7 @@ public function testRetrieveSchemaFromPackage()
         $this->assertEquals('454f423bd7edddf0bc77af4130ed9161', md5(json_encode($schema)));
     }
 
-    public function testJsonSchemaOrgMediaTypeHack()
+    public function testJsonSchemaOrgMediaTypeBlacklistDefault()
     {
         $mock = $this->getMock('JsonSchema\Uri\UriRetriever', array('getContentType'));
         $mock->method('getContentType')->willReturn('Application/X-Fake-Type');
@@ -339,6 +339,28 @@ public function testJsonSchemaOrgMediaTypeHack()
         $this->assertTrue($retriever->confirmMediaType($mock, 'http://json-schema.org/'));
     }
 
+    /**
+     * @expectedException \JsonSchema\Exception\InvalidSchemaMediaTypeException
+     */
+    public function testJsonSchemaOrgMediaTypeBlacklistUnknown()
+    {
+        $mock = $this->getMock('JsonSchema\Uri\UriRetriever', array('getContentType'));
+        $mock->method('getContentType')->willReturn('Application/X-Fake-Type');
+        $retriever = new UriRetriever();
+
+        $retriever->confirmMediaType($mock, 'http://iglucentral.com');
+    }
+
+    public function testJsonSchemaOrgMediaTypeBlacklistAdded()
+    {
+        $mock = $this->getMock('JsonSchema\Uri\UriRetriever', array('getContentType'));
+        $mock->method('getContentType')->willReturn('Application/X-Fake-Type');
+        $retriever = new UriRetriever();
+        $retriever->addBlacklistedEndpoint('http://iglucentral.com');
+
+        $retriever->confirmMediaType($mock, 'http://iglucentral.com');
+    }
+
     public function testSchemaCache()
     {
         $retriever = new UriRetriever();