@s-l-teichmann
Contributor

The validator service validates the 'uri' format with a regular expression and does not allow encoding other than ASCII in these strings.
This PR emulates this behavior.

Solves #474

@tschmidtb51
Collaborator

@bernhardreiter You mentioned in #474 (comment) to split the issue and address the problem upstream. Should we go ahead with this PR and then do the upstream thing or should we just track it here and hope for upstream to resolve the issue?

@s-l-teichmann
Contributor Author

> @bernhardreiter You mentioned in #474 (comment) to split the issue and address the problem upstream. Should we go ahead with this PR and then do the upstream thing or should we just track it here and hope for upstream to resolve the issue?

I will do the split out tomorrow.

@bernhardreiter
Member

@s-l-teichmann did you do the split-up?

@bernhardreiter
Member

The regular expression used here is the fast mode one from https://github.com/ajv-validator/ajv-formats/ , this would degrade the validation quality.

  • Example 1:
grep url /home/ber/d474/test-2023-11-30-2.json
        "url": "https://[@example.org/test.txt"

~/csaf-3.2.0-gnulinux-amd64/bin-linux-amd64/csaf_validator --validator=http://localhost:8082 --validator_preset=basic ~/d474/test-2023-11-30-2.json -o short
schema validation errors of "/home/ber/d474/test-2023-11-30-2.json"
[..]
  * /document/references/0/url: 'https://[@example.org/test.txt' is not valid 'uri'

[..]
  message: must match format "uri"
[..]
"/home/ber/d474/test-2023-11-30-2.json" does not pass remote validation.


./bin-linux-amd64/csaf_validator --version
3.2.1-4-g143cef1
./bin-linux-amd64/csaf_validator --validator=http://localhost:8082 --validator_preset=basic ~/d474/test-2023-11-30-2.json -o short
"/home/ber/d474/test-2023-11-30-2.json" passes the schema validation.
[..]
"/home/ber/d474/test-2023-11-30-2.json" does not pass remote validation.

  • Example 2: https://[fe80::1/test.txt

There are more.

Conclusion: the current approach is not an improvement.

Suggestion:
We could either
a) use the full regular expression, or
b) we call the upstream validation function from https://github.com/santhosh-tekuri/jsonschema/ and add the check for ASCII characters.

I like b) better.
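
Option b) from the comment above (parser-based validation plus an ASCII check), sketched in Go as an added example; it is not code from this PR or from santhosh-tekuri/jsonschema. `ValidateURI` and `looseURI` are hypothetical names, Go's `net/url` stands in for the upstream validation function, and the loose pattern is a constructed stand-in for a permissive regular expression.

```go
package main

import (
	"errors"
	"fmt"
	"net/netip"
	"net/url"
	"regexp"
	"strings"
)

// looseURI is a constructed "scheme followed by non-space characters" pattern
// used only for comparison; it is not the expression from the PR.
var looseURI = regexp.MustCompile(`(?i)^[a-z][a-z0-9+.-]*:(?://?)?\S*$`)

// ValidateURI (hypothetical helper) rejects non-ASCII input first, then
// relies on net/url for structural checks and requires an absolute URI.
func ValidateURI(s string) error {
	for i := 0; i < len(s); i++ {
		if s[i] >= 0x80 {
			return fmt.Errorf("non-ASCII byte at offset %d", i)
		}
	}
	u, err := url.Parse(s)
	if err != nil {
		return err
	}
	if !u.IsAbs() {
		return errors.New("missing scheme")
	}
	// A bracketed host must contain a valid IPv6 literal.
	if strings.HasPrefix(u.Host, "[") {
		if _, err := netip.ParseAddr(u.Hostname()); err != nil {
			return fmt.Errorf("invalid IPv6 host: %w", err)
		}
	}
	return nil
}

func main() {
	samples := []string{ // first two come from the comment, the rest are constructed
		"https://[@example.org/test.txt",
		"https://[fe80::1/test.txt",
		"https://ex\u00e4mple.org/test.txt",
		"https://[fe80::1]/test.txt",
		"https://example.org/test.txt",
	}
	for _, s := range samples {
		fmt.Printf("%-36q loose=%-5v strict=%v\n", s, looseURI.MatchString(s), ValidateURI(s))
	}
}
```

The loose pattern matches all five samples, while `ValidateURI` accepts only the last two; the non-ASCII sample is rejected by the explicit byte check, since `url.Parse` alone lets it through.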

@bernhardreiter
Member

Considering the implementation options:
as format.validateURI is not a public method and it is used in a number of places, it is much better to fix this upstream.

So santhosh-tekuri/jsonschema#226 tries to do that.

We shall put more effort then into migrating upstream from v5 to v6.

Development

Successfully merging this pull request may close these issues.

Schema validation seems to ignore formats