From cc061ec7a4becb205babb0d6c6e0886478272e50 Mon Sep 17 00:00:00 2001
From: sachinsharma
Date: Thu, 18 Sep 2025 23:09:27 -0700
Subject: [PATCH 1/2] docs: add docstrings to validator.py

---
 cve_bin_tool/validator.py | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/cve_bin_tool/validator.py b/cve_bin_tool/validator.py
index 38ebe87a7c..c63d7f0f66 100644
--- a/cve_bin_tool/validator.py
+++ b/cve_bin_tool/validator.py
@@ -5,6 +5,15 @@
 from cve_bin_tool.log import LOGGER
+"""
+Validation utilities for CVE Binary Tool.
+
+This module provides helpers to validate common security identifiers and
+documents used by CVE Binary Tool (e.g., CVE ids, SPDX/CycloneDX/SWID/POM).
+Docstrings are added to improve IDE help and to satisfy `interrogate` checks.
+
+"""
+
 # This downgrades a message during module loading.
 if True: # Strange construction for pep8 compliance.
 logging.getLogger("xmlschema").setLevel(logging.WARNING)

From 664b9c981f37a892190b09ff4cae67ca6941b4e2 Mon Sep 17 00:00:00 2001
From: sachinsharma
Date: Thu, 18 Sep 2025 23:25:34 -0700
Subject: [PATCH 2/2] docs: add module-level docstring to validator.py

Added a descriptive module-level docstring explaining the purpose of `validator.py` and the types of artifacts it validates (SPDX, CycloneDX, SWID, and Maven POM). This complements the existing function-level docstrings and improves overall documentation consistency. No functional changes.
---
 cve_bin_tool/validator.py | 16 +++++++++++++---
 1 file changed, 13 insertions(+), 3 deletions(-)

diff --git a/cve_bin_tool/validator.py b/cve_bin_tool/validator.py
index c63d7f0f66..4134bf53ff 100644
--- a/cve_bin_tool/validator.py
+++ b/cve_bin_tool/validator.py
@@ -8,10 +8,20 @@
 """
 Validation utilities for CVE Binary Tool.
-This module provides helpers to validate common security identifiers and
-documents used by CVE Binary Tool (e.g., CVE ids, SPDX/CycloneDX/SWID/POM).
-Docstrings are added to improve IDE help and to satisfy `interrogate` checks.
+This module provides functions to validate common security-related
+artifacts against their official XML schema definitions, including:
+- SPDX: Software Package Data Exchange documents
+- CycloneDX: Bill of Materials (SBOM) documents
+- SWID: Software Identification Tag files
+- Maven POM: Project Object Model files
+
+All functions delegate to a shared `_validate_xml` helper that applies
+the correct schema using the `xmlschema` library. Validation results are
+logged through the project’s logger for debugging and traceability.
+
+These helpers are used internally to ensure that inputs conform to
+standards before further analysis.
 """
 # This downgrades a message during module loading.
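Review bot: The triple-quoted string is not a module docstring where it sits: patch 1/2 inserts it below `from cve_bin_tool.log import LOGGER` and patch 2/2 rewrites only its text, so Python evaluates it as a discarded expression statement and the module's `__doc__` is not set from it. Only a string that is the first statement in the file (after the comment header, before any import) becomes the module docstring, so `help()`, IDE hovers and `interrogate`, the stated goal of patch 1/2, will not see this one; move the block above the first import. The new text also asserts that every validator delegates to `_validate_xml` and that inputs are checked against official XML schemas before further analysis; those functions are outside both hunks, so confirm the claim holds for each listed format, because readers will take it as a statement of what has already been validated. The typographic apostrophe in `project’s` is the only non-ASCII character added and could be a plain `'`.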