JSON Schema validation for Heimdall Data Format (HDF) documents. Validates all 7 HDF document types against their official schemas to ensure structural correctness and data integrity.

Scope and Responsibilities

hdf-validators provides schema-based validation:

Validate all HDF document types: Results, Baseline, System, Plan, Amendments, Evidence Package, Comparison
Auto-detect document type via the generic validate() function
Detailed error reporting with field-level validation messages
Support for both TypeScript and Go implementations

hdf-validators vs. hdf-utilities

hdf-validators	hdf-utilities
HDF schema validation	Format syntax validation
"Is this valid HDF?"	"Is this valid JSON/XML/CSV?"
"Does baselines exist and is it an array?"	"Can this string be parsed as JSON?"
Validates structure and types	Validates syntax only
HDF-specific semantic rules	Generic format handling

Example:

isValidJSON('{"foo": "bar"}') → true (utilities - just checks JSON syntax)
validateResults({foo: 'bar'}) → false, missing baselines field (validators - checks HDF schema)

Installation

npm install @mitre/hdf-validators

Usage

TypeScript

import { validateResults, validateBaseline } from '@mitre/hdf-validators';

// Validate HDF Results
const hdfResults = {
  baselines: [{
    name: 'My Baseline',
    checksum: { algorithm: 'sha256', value: 'abc123' },
    requirements: [{
      id: 'REQ-001',
      descriptions: [{ label: 'default', data: 'Test requirement' }],
      impact: 0.7,
      tags: { nist: ['AC-1'] },
      results: [{
        status: 'passed',
        codeDesc: 'Control check',
        startTime: '2025-01-01T00:00:00Z'
      }]
    }]
  }],
  targets: [],
  statistics: {}
};

const result = validateResults(hdfResults);

if (result.valid) {
  console.log('✓ Valid HDF Results document');
} else {
  console.error('✗ Validation failed:');
  console.error(result.getErrorMessage());

  // Or access individual errors
  result.errors.forEach(error => {
    console.error(`  ${error.field}: ${error.message}`);
  });
}

// Validate HDF Baseline
const hdfBaseline = {
  name: 'Security Baseline',
  title: 'Example Security Baseline',
  version: '1.0.0',
  checksum: { algorithm: 'sha256', value: 'def456' },
  requirements: [{
    id: 'REQ-001',
    title: 'Access Control',
    descriptions: [{ label: 'default', data: 'Requirement description' }],
    impact: 0.7,
    tags: { nist: ['AC-1', 'AC-2'] }
  }]
};

const baselineResult = validateBaseline(hdfBaseline);

if (!baselineResult.valid) {
  console.error('Validation errors:', baselineResult.errors);
}

// Auto-detect document type
import { validate } from '@mitre/hdf-validators';

const autoResult = validate(someHdfDocument);
// Automatically determines if it's Results or Baseline and validates accordingly

Go

package main

import (
	"encoding/json"
	"fmt"
	"os"

	validators "github.com/mitre/hdf-libs/hdf-validators/go/v3"
)

func main() {
	// Read HDF file
	data, err := os.ReadFile("results.json")
	if err != nil {
		panic(err)
	}

	// Validate HDF Results
	result := validators.ValidateResults(data)

	if result.Valid {
		fmt.Println("✓ Valid HDF Results document")
	} else {
		fmt.Println("✗ Validation failed:")
		fmt.Println(result.Error())

		// Access individual errors
		for _, e := range result.Errors {
			fmt.Printf("  %s: %s\n", e.Field, e.Description)
		}
		os.Exit(1)
	}
}

// Validate HDF Baseline
result := validators.ValidateBaseline(baselineData)

// Use custom schema directory (for development/testing)
validators.SetSchemaDir("./custom-schemas")
result = validators.ValidateResults(data) // Will use schemas from custom directory

// Reset to embedded schemas
validators.SetSchemaDir("")

API Reference

TypeScript

`validateResults(data: unknown): ValidationResult`

Validate data against the HDF Results schema.

Parameters:
- data - JavaScript object to validate
Returns: ValidationResult with validation status and errors

`validateBaseline(data: unknown): ValidationResult`

Validate data against the HDF Baseline schema.

Parameters:
- data - JavaScript object to validate
Returns: ValidationResult with validation status and errors

`validateComparison(data: unknown): ValidationResult`

Validate data against the HDF Comparison schema.

Parameters:
- data - JavaScript object to validate
Returns: ValidationResult with validation status and errors

`validateSystem(data: unknown): ValidationResult`

Validate data against the HDF System schema.

Parameters:
- data - JavaScript object to validate
Returns: ValidationResult with validation status and errors

`validatePlan(data: unknown): ValidationResult`

Validate data against the HDF Plan schema.

Parameters:
- data - JavaScript object to validate
Returns: ValidationResult with validation status and errors

`validateAmendments(data: unknown): ValidationResult`

Validate data against the HDF Amendments schema.

Parameters:
- data - JavaScript object to validate
Returns: ValidationResult with validation status and errors

`validateEvidencePackage(data: unknown): ValidationResult`

Validate data against the HDF Evidence Package schema.

Parameters:
- data - JavaScript object to validate
Returns: ValidationResult with validation status and errors

`validate(data: unknown): ValidationResult`

Auto-detect document type and validate.

Parameters:
- data - JavaScript object to validate
Returns: ValidationResult with validation status and errors

`ValidationResult`

interface ValidationResult {
  valid: boolean;                    // True if validation passed
  errors: ValidationError[];         // Array of validation errors (empty if valid)
  getErrorMessage(): string;         // Formatted error message
}

`ValidationError`

interface ValidationError {
  field: string;      // JSON path to the field with error
  message: string;    // Description of the validation error
  value?: unknown;    // The invalid value (optional)
}

Go

`ValidateResults(data []byte) ValidationResult`

Validate JSON bytes against the HDF Results schema.

Parameters:
- data - JSON bytes to validate
Returns: ValidationResult with validation status and errors

`ValidateBaseline(data []byte) ValidationResult`

Validate JSON bytes against the HDF Baseline schema.

Parameters:
- data - JSON bytes to validate
Returns: ValidationResult with validation status and errors

`Validate(data []byte, schemaType SchemaType) ValidationResult`

Validate JSON bytes against specified schema type.

Parameters:
- data - JSON bytes to validate
- schemaType - TypeResults or TypeBaseline
Returns: ValidationResult with validation status and errors

`SetSchemaDir(dir string)`

Configure package to load schemas from a directory instead of embedded schemas.

Parameters:
- dir - Directory path (empty string to revert to embedded schemas)

`GetSchemaDir() string`

Get the current schema directory (empty if using embedded schemas).

Returns: Current schema directory path

`ValidationResult`

type ValidationResult struct {
    Valid  bool                `json:"valid"`    // True if validation passed
    Errors []ValidationError   `json:"errors"`   // Validation errors (empty if valid)
}

func (r ValidationResult) Error() string  // Formatted error message

`ValidationError`

type ValidationError struct {
    Field       string `json:"field"`        // JSON path to invalid field
    Description string `json:"description"`  // Error description
    Value       any    `json:"value"`        // Invalid value (optional)
}

Common Validation Errors

Missing Required Fields

baselines: is required

HDF Results must have a baselines array.

Invalid Field Types

baselines: must be array
baselines[0].name: is required

The name field is required for each baseline.

Invalid Enum Values

results[0].status: must be equal to one of the allowed values

Result status must be one of: passed, failed, error, notApplicable, notReviewed.

Invalid Numeric Ranges

impact: must be >= 0 and <= 1

Impact scores must be between 0.0 and 1.0.

Use Cases

Converter Output Validation

Validate that your converter produces valid HDF:

import { convertNessusToHdf } from '@mitre/hdf-converters';
import { validateResults } from '@mitre/hdf-validators';

const hdf = convertNessusToHdf(nessusXml);
const result = validateResults(JSON.parse(hdf));

if (!result.valid) {
  throw new Error(`Invalid HDF output: ${result.getErrorMessage()}`);
}

Pre-Upload Validation

Validate HDF before uploading to Heimdall:

const hdfData = JSON.parse(fs.readFileSync('scan-results.json', 'utf-8'));
const result = validateResults(hdfData);

if (result.valid) {
  uploadToHeimdall(hdfData);
} else {
  console.error('Cannot upload invalid HDF:', result.getErrorMessage());
}

CI/CD Pipeline Validation

# Validate HDF file in CI
hdf validate results.json

# Exit code 0 if valid, non-zero if invalid
if hdf validate scan.json --quiet; then
  echo "✓ HDF validation passed"
else
  echo "✗ HDF validation failed"
  exit 1
fi

Development

# Install dependencies
pnpm install

# Run TypeScript tests
pnpm test:ts

# Run Go tests
pnpm test:go

# Run all tests
pnpm test

# Run tests with coverage
pnpm test:coverage

# Build TypeScript package
pnpm build

# Lint code
pnpm lint

Test Coverage

Both TypeScript and Go implementations maintain >95% test coverage with comprehensive validation tests covering:

Valid HDF Results and Baseline documents
Invalid documents (missing fields, wrong types, invalid values)
Error message formatting
Custom schema directory loading (Go)
Integration tests with real HDF fixtures

License

Keywords

FAQs

What is @mitre/hdf-validators?

Is @mitre/hdf-validators well maintained?

Package last updated on 26 May 2026

Did you know?

Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.

Install

@mitre/hdf-validators