runtime validation

Author: omursahin

web-report/package.json

@@ -5,9 +5,10 @@
   "type": "module",
   "scripts": {
     "dev": "vite",
-    "generate": "json2ts ../src/main/resources/wfc/schemas/report.yaml src/types/GeneratedTypes.tsx",
+    "generate": "json2ts ../src/main/resources/wfc/schemas/report.yaml src/types/GeneratedTypes.tsx && ts-to-zod src/types/GeneratedTypes.tsx src/types/GeneratedTypesZod.ts",
     "build": "tsc -b && vite build",
-    "installAndBuild": "yarn install && yarn generate && vitest --no-watch && tsc -b && vite build",
+    "installAndBuild": "yarn install && yarn generate && vitest --no-watch && tsc -b && vite build && yarn copyRunFiles",
+    "copyRunFiles": "cpx webreport.bat ../target/classes/webreport && cpx webreport.command ../target/classes/webreport && cpx webreport.py ../target/classes/webreport",
     "lint": "eslint .",
     "preview": "vite preview",
     "debug": "vite build && cpx \"src-e2e/static/*\" ../target/classes/webreport && vite preview",
@@ -31,7 +32,8 @@
     "recharts": "^2.15.1",
     "tailwind-merge": "^3.0.2",
     "tailwindcss": "^4.0.14",
-    "tailwindcss-animate": "^1.0.7"
+    "tailwindcss-animate": "^1.0.7",
+    "zod": "^3.25.67"
   },
   "devDependencies": {
     "@eslint/js": "^9.21.0",
@@ -51,6 +53,7 @@
     "eslint-plugin-react-refresh": "^0.4.19",
     "globals": "^15.15.0",
     "happy-dom": "^17.4.7",
+    "ts-to-zod": "^3.15.0",
     "typescript": "^5.8.3",
     "typescript-eslint": "^8.24.1",
     "vite": "^6.2.0",

web-report/src-e2e/App.test.tsx

@@ -4,7 +4,7 @@ import {resolve} from "path";
 import {readFileSync} from "fs";
 import {vi} from "vitest";
 import App from "../src/App";
-import {fetchFileContent, getFaultCounts} from "@/lib/utils";
+import {fetchFileContent, getFaultCounts} from "../src/lib/utils";
 
 // Read the report.json file
 const reportJsonPath = resolve(__dirname, './static/report.json');

web-report/src/AppProvider.tsx

@@ -2,6 +2,7 @@ import {createContext, useContext, useState, ReactNode, useEffect} from 'react';
 import {WebFuzzingCommonsReport} from "@/types/GeneratedTypes.tsx";
 import {ITestFiles} from "@/types/General.tsx";
 import {fetchFileContent, ITransformedReport, transformWebFuzzingReport} from "@/lib/utils.tsx";
+import {webFuzzingCommonsReportSchema} from "@/types/GeneratedTypesZod.ts";
 
 type AppContextType = {
     data: WebFuzzingCommonsReport | null;
@@ -31,10 +32,17 @@ export const AppProvider = ({ children }: AppProviderProps) => {
         const fetchData = async () => {
             try {
                 const jsonData = await fetchFileContent('./report.json') as WebFuzzingCommonsReport;
+
+                // Validate the JSON data against the schema
+                const report = webFuzzingCommonsReportSchema.safeParse(jsonData);
+                if (!report.success) {
+                    setError("Invalid report format. Please ensure the report is generated correctly.");
+                    return;
+                }
                 setData(jsonData);
             } catch (error: Error | unknown) {
                 if (error instanceof Error) {
-                    setError("Could not load the report file. Please check if the file exists and is accessible in /public folder.");
+                    setError("Could not load the report file. Please check if the file exists and is accessible in main folder.");
                 } else {
                     console.error(error);
                 }

web-report/src/types/GeneratedTypesZod.ts

@@ -0,0 +1,94 @@
+// Generated by ts-to-zod
+import { z } from "zod";
+
+export const operationIdSchema = z.string();
+
+export const testCaseIdSchema = z.string();
+
+export const httpStatusSchema = z.number();
+
+export const testFilePathSchema = z.string();
+
+export const testCaseSchema = z.record(z.unknown()).and(
+  z.object({
+    id: testCaseIdSchema.optional(),
+    filePath: testFilePathSchema.optional(),
+    name: z.string().optional(),
+    startLine: z.number().optional(),
+    endLine: z.number().optional(),
+  }),
+);
+
+export const faultCategoryIdSchema = z.record(z.unknown()).and(
+  z.object({
+    code: z.number(),
+    context: z.string().optional(),
+  }),
+);
+
+export const coveredEndpointSchema = z.record(z.unknown()).and(
+  z.object({
+    endpointId: operationIdSchema,
+    testCaseId: testCaseIdSchema,
+    httpStatus: z.tuple([httpStatusSchema]).rest(httpStatusSchema),
+  }),
+);
+
+export const coverageCriterionSchema = z.record(z.unknown()).and(
+  z.object({
+    name: z.string(),
+    covered: z.number(),
+    total: z.number().optional(),
+  }),
+);
+
+export const rESTReportSchema = z.record(z.unknown()).and(
+  z.object({
+    totalHttpCalls: z.number(),
+    endpointIds: z.array(operationIdSchema),
+    coveredHttpStatus: z.array(coveredEndpointSchema),
+  }),
+);
+
+export const coverageSchema = z.record(z.unknown()).and(
+  z.object({
+    toolName: z.string(),
+    criteria: z.array(coverageCriterionSchema),
+  }),
+);
+
+export const foundFaultSchema = z.record(z.unknown()).and(
+  z.object({
+    operationId: operationIdSchema.optional(),
+    testCaseId: testCaseIdSchema,
+    faultCategories: z
+      .tuple([faultCategoryIdSchema])
+      .rest(faultCategoryIdSchema),
+  }),
+);
+
+export const faultsSchema = z.record(z.unknown()).and(
+  z.object({
+    totalNumber: z.number(),
+    foundFaults: z.array(foundFaultSchema),
+  }),
+);
+
+export const webFuzzingCommonsReportSchema = z.record(z.unknown()).and(
+  z.object({
+    schemaVersion: z.string(),
+    toolName: z.string(),
+    toolVersion: z.string(),
+    creationTime: z.string(),
+    faults: faultsSchema,
+    problemDetails: z.record(z.unknown()).and(
+      z.object({
+        rest: rESTReportSchema.optional(),
+      }),
+    ),
+    totalTests: z.number(),
+    testFilePaths: z.array(testFilePathSchema),
+    testCases: z.array(testCaseSchema),
+    extra: z.array(coverageSchema).optional(),
+  }),
+);