@balena/sbvr-types
This module defines the data types that can be used in the SBVR model specification, as well as the possible relations between them. For each data type, there is a correspondence with a database data type, according to the various database engines that are supported.
The SBVR definition for types can be found at Type.sbvr
"The Rest" can be found at: balena-io-modules/sbvr-types/src/types
For a new type you should add a module to the types folder. The module should return a single object, which has the following format:
A types object, which specifies how the type is declared in various systems. This contains:
    postgres: 'Serial'
    mysql: (necessity, index) ->
        return 'INTEGER' + necessity + index + ' AUTO_INCREMENT'
    websql: (necessity, index) ->
        return 'INTEGER' + necessity + index + ' AUTOINCREMENT'
    odata:
        name: 'Edm.Int64'

    odata:
        name: 'Self.Color'
        complexType: '''
            <ComplexType Name="Color">
                <Property Name="r" Nullable="false" Type="Edm.Int8"/>\
                <Property Name="g" Nullable="false" Type="Edm.Int8"/>\
                <Property Name="b" Nullable="false" Type="Edm.Int8"/>\
                <Property Name="a" Nullable="false" Type="Edm.Int8"/>\
            </ComplexType>'''
validate: a function (value, required) => Promise that must be provided, and which should validate that incoming data is valid for this type.
value is the value that has been received as part of the request.
required specifies whether this value is required (true: NOT NULL, false: NULL).
A Promise should be returned with the resolved value being the valid, processed data, and any rejection being an error message explaining why the data is invalid.
As an example of validating a Color type, we accept either a number that specifies the Color, or an object {'r' or 'red', 'g' or 'green', 'b' or 'blue', 'a' or 'alpha'}, and return an integer that represents the Color.
    validate: Promise.method (value, required) ->
        if typeof value != 'object'
            processedValue = parseInt(value, 10)
            if Number.isNaN(processedValue)
                throw new Error('is neither an integer or color object: ' + value)
        else
            processedValue = 0
            for own component, componentValue of value
                if Number.isNaN(componentValue) or componentValue > 255
                    throw new Error('has invalid component value of ' + componentValue + ' for component ' + component)
                switch component.toLowerCase()
                    when 'r', 'red'
                        processedValue |= componentValue << 16
                    when 'g', 'green'
                        processedValue |= componentValue << 8
                    when 'b', 'blue'
                        processedValue |= componentValue
                    when 'a', 'alpha'
                        processedValue |= componentValue << 24
                    else
                        throw new Error('has an unknown component: ' + component)
        return processedValue
fetchProcessing: a function (data) => any that may be specified to process the data after fetching from the database and before sending to the client. If specified, this function should return the modified data.

    fetchProcessing: (data) ->
        return {
            r: (data >> 16) & 0xFF
            g: (data >> 8) & 0xFF
            b: data & 0xFF
            a: (data >> 24) & 0xFF
        }
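The Color validate and fetchProcessing pair above, ported to JavaScript as an added example (not the project's own code); `packColor`, `unpackColor`, `looseComponentOk` and `strictComponentOk` are hypothetical names, and the stricter range check is an assumption about what a hardened validator would enforce. It shows that a check of only "NaN or greater than 255" lets a negative component spill into neighbouring channels.

```javascript
// Added example: JavaScript port of the page's Color packing logic.
// Bit offset of each channel in the packed 32-bit integer (from the README).
const SHIFT = new Map([
  ['r', 16], ['red', 16], ['g', 8], ['green', 8],
  ['b', 0], ['blue', 0], ['a', 24], ['alpha', 24],
]);

// Same test as the README's validate: rejects only NaN and values above 255.
const looseComponentOk = (v) => !(Number.isNaN(v) || v > 255);

// Hypothetical stricter test (assumption): an integer in 0..255, nothing else.
const strictComponentOk = (v) => Number.isInteger(v) && v >= 0 && v <= 255;

// Pack a number or a color object into one integer, as validate does.
function packColor(value, componentOk) {
  if (typeof value !== 'object' || value === null) {
    const n = parseInt(value, 10);
    if (Number.isNaN(n)) {
      throw new Error('is neither an integer or color object: ' + value);
    }
    return n;
  }
  let packed = 0;
  for (const [component, componentValue] of Object.entries(value)) {
    if (!componentOk(componentValue)) {
      throw new Error('has invalid component value of ' + componentValue +
        ' for component ' + component);
    }
    const shift = SHIFT.get(component.toLowerCase());
    if (shift === undefined) {
      throw new Error('has an unknown component: ' + component);
    }
    packed |= componentValue << shift;
  }
  return packed;
}

// Inverse of packColor, as fetchProcessing does.
function unpackColor(data) {
  return {
    r: (data >> 16) & 0xff, g: (data >> 8) & 0xff,
    b: data & 0xff, a: (data >> 24) & 0xff,
  };
}

// Constructed input: a negative red value passes the loose check and sets
// every bit above bit 16, so alpha reads back as 255 instead of 0.
console.log(unpackColor(packColor({ r: -1, g: 0, b: 0, a: 0 }, looseComponentOk)));
```

An alpha of 128 or more makes the packed value negative because `<<` works on signed 32-bit integers; the `& 0xff` mask in `unpackColor` is what recovers the original byte.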
    nativeProperties:
        Verb:
            Term: (from) -> ...
            Term2: (from) -> ...
        Verb2:
            Term3: (from) -> ...

The (from) -> ... function should return a chunk of abstract sql that can be used to fetch the property specified by this fact type. The from parameter is abstract sql that will refer to an instance of the term that is of this type.
Text has Length:
    nativeProperties:
        'has':
            'Length': (from) -> ['CharacterLength', from]
For the various properties of Color:
    nativeProperties:
        'has':
            'Red Component': (from) -> ['BitwiseAnd', ['BitwiseShiftRight', from, 16], 255]
            'Green Component': (from) -> ['BitwiseAnd', ['BitwiseShiftRight', from, 8], 255]
            # Blue is the low byte, so it is masked rather than shifted (matches b: data & 0xFF)
            'Blue Component': (from) -> ['BitwiseAnd', from, 255]
            'Alpha Component': (from) -> ['BitwiseAnd', ['BitwiseShiftRight', from, 24], 255]
    nativeFactTypes:
        'Term':
            'Verb1': (from, to) -> ...
            'Verb2': (from, to) -> ...
        'Term2':
            'Verb3': (from, to) -> ...

The (from, to) -> ... function should return a chunk of abstract sql that can be used to resolve this fact type.
The from parameter is abstract sql that will refer to an instance of the term that is of this type.
The to parameter is abstract sql that will refer to an instance of the term that is of the type specified by the property name.
Note: The reason the ordering of this is SecondTerm -> Verb, rather than Verb -> SecondTerm, is that it makes declaring all the links between two terms much easier (as you will see in the examples).
A selection of the native fact types for Integer (in the actual file much more DRY is practiced):

    nativeFactTypes:
        'Integer':
            'is less than': (from, to) -> ['LessThan', from, to]
            'is less than or equal to': (from, to) -> ['LessThanOrEqual', from, to]
        'Real':
            'is less than': (from, to) -> ['LessThan', from, to]
            'is less than or equal to': (from, to) -> ['LessThanOrEqual', from, to]

Note: You only need to specify the verb for the canonical form of the fact type; any synonymous forms will automatically be remapped to the canonical form.
Tests can be found under the test/ folder. To run the whole suite, use npm test.
FAQs
SBVR type definitions.
The npm package @balena/sbvr-types receives a total of 0 weekly downloads. As such, @balena/sbvr-types popularity was classified as not popular.
We found that @balena/sbvr-types demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 0 open source maintainers collaborating on the project.