Skip to content

Feat/pydantic yaml validation#2436

Closed
khushal-winner wants to merge 4 commits intoOWASP:masterfrom
khushal-winner:feat/pydantic-yaml-validation
Closed

Feat/pydantic yaml validation#2436
khushal-winner wants to merge 4 commits intoOWASP:masterfrom
khushal-winner:feat/pydantic-yaml-validation

Conversation

@khushal-winner
Copy link
Contributor

@khushal-winner khushal-winner commented Feb 27, 2026

feat: Add Pydantic models for stricter YAML card validation

Closes #2430

Changes

  • Added card_models.py with base Card model (required title, description; typed mappings; optional suit fields)
  • Integrated validation in convert.py (raises ValidationError on invalid structure)
  • Added 21 unit tests covering valid/invalid cases (missing fields, wrong types, extra fields, nested mappings)
  • Updated README with validation notes

Why?

Tested

  • All 131 tests pass (21 new + 110 existing)
  • Manual runs: convert.py fails with detailed errors on invalid YAML
  • Performance: negligible overhead (~0.34s average load)

Before vs After

  • Before: silent failures on missing/wrong fields
  • After: immediate, readable ValidationError (e.g. "title required", "mappings must be dict")

Ready for review — happy to adjust schema or extend to other files.

@khushal-winner
feat: Add Pydantic YAML validation for Cornucopia card data
a9fd211 
- Add Pydantic as dev dependency (v2.12.5)
- Create comprehensive Pydantic models for card validation:
  - Card: Individual card structure with id, value, url, desc, misc, and optional card type
  - Suit: Container for cards with id and name
  - Meta: File metadata (edition, component, language, version)
  - CornucopiaData: Main model allowing extra top-level fields
- Integrate validation into convert.py get_language_data function
- Add 21 comprehensive unit tests covering all models and edge cases
- Validation complements existing FAILSAFE_SCHEMA (OWASP#2406)
- Strict validation for card structures while allowing flexibility for additional sections

Testing:
- All 21 tests pass
- Successfully validates real webapp-cards-3.0-en.yaml file
- Handles Joker cards with 'card' field
- Provides clear error messages for validation failures
@khushal-winner
fix: Restrict cflite_pr.yml to master branch only
96eefd9 
- Prevents ClusterFuzzLite from running on feature branches
- Only runs on master pull requests as intended
- Fixes workflow failures on feature branches
@khushal-winner
fix: Resolve YAML syntax errors in workflow files
4ba9af7 
- Fix duplicate 'uses' in scorecard.yml (removed duplicate line)
- Fix multi-line Python script in smoke-tests.yaml (converted to single line)
- Both workflow files now pass YAML validation
- Resolves GitHub Actions workflow syntax errors
@khushal-winner
revert: Restore cflite_pr.yml to original state
6e73026 
- Remove branch restriction from cflite_pr.yml
- Restores original behavior (runs on all PRs with matching paths)
- Maintains consistency with master branch configuration
@khushal-winner khushal-winner force-pushed the feat/pydantic-yaml-validation branch 2 times, most recently from 8f03876 to 6e73026 Compare February 27, 2026 23:56
@khushal-winner khushal-winner deleted the feat/pydantic-yaml-validation branch February 28, 2026 00:00
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@rewtd rewtd Awaiting requested review from rewtd rewtd is a code owner

@sydseter sydseter Awaiting requested review from sydseter sydseter is a code owner

@cw-owasp cw-owasp Awaiting requested review from cw-owasp cw-owasp is a code owner

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

feat: Add Pydantic models for stricter YAML card validation

1 participant

@khushal-winner