feat: validate remote manifest against local schema at runtime#2873
Open
mvanhorn wants to merge 1 commit into
Open
feat: validate remote manifest against local schema at runtime#2873mvanhorn wants to merge 1 commit into
mvanhorn wants to merge 1 commit into
Conversation
When jsonschema is available, validate the fetched remote manifest against the local data.schema.json before processing. If validation fails, fall back to the local manifest with a warning. When jsonschema is not installed (standard pip users), validation is skipped so there is no behavior change. This contribution was developed with AI assistance (Claude Code).
1 task
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Adds optional schema validation for the remote manifest in
SitesInformation.__init__(sherlock_project/sites.py). Whenjsonschemais installed, the fetched remotedata.jsonis validated against the localdata.schema.jsonbefore processing. If validation fails, sherlock prints a warning and falls back to the local manifest (same behavior as--local).When
jsonschemais not installed (standard pip users), validation is skipped entirely -- no behavior change, no new dependency.Changes
sherlock_project/sites.py: Added conditionaljsonschemaimport with_HAS_JSONSCHEMAflag. After loading remote JSON (before$schemapop), validate against the local schema file. OnValidationError, reload from the packaged localdata.json.tests/test_manifest.py: Addedtest_schema_validation_fallback(verifies invalid manifest raises on direct load) andtest_schema_validation_passes_valid_manifest(verifies the current manifest validates cleanly).Context
ppfeister described this in #2613: "validates against the local .schema file, and if validation fails, simply fails gracefully with a notice or defers to the local manifest as if --local were used." The goal is that older sherlock versions degrade gracefully when the remote manifest schema evolves.
I noticed PR #2614 has been open for 6 months without review. This implementation takes a different approach by making
jsonschemaoptional at runtime (try/except import) rather than requiring it as a runtime dependency, since it's currently dev-only inpyproject.toml.Testing
All existing + new tests pass (
pytest tests/test_manifest.py-- 6/6 passed).Fixes #2613
This contribution was developed with AI assistance (Claude Code).