svg_conform 0.1.0

data/lib/svg_conform/requirements/namespace_attributes_requirement.rb

@@ -0,0 +1,211 @@
+# frozen_string_literal: true
+
+require_relative "base_requirement"
+
+module SvgConform
+  module Requirements
+    # Validates that elements don't have attributes from disallowed namespaces
+    # or only have attributes from allowed namespaces (whitelist mode)
+    class NamespaceAttributesRequirement < BaseRequirement
+      attribute :type, :string, default: -> { "NamespaceAttributesRequirement" }
+      attribute :disallowed_namespaces, :string, collection: true, default: -> {
+        []
+      }
+      attribute :allowed_namespaces, :string, collection: true, default: -> {
+        []
+      }
+      attribute :exempt_elements, :string, collection: true, default: -> { [] }
+
+      yaml do
+        map "id", to: :id
+        map "description", to: :description
+        map "type", to: :type
+        map "disallowed_namespaces", to: :disallowed_namespaces
+        map "allowed_namespaces", to: :allowed_namespaces
+        map "exempt_elements", to: :exempt_elements
+      end
+
+      def check(node, context)
+        return unless element?(node)
+
+        # Skip validation for exempt elements (e.g., RDF metadata elements)
+        return if exempt_elements.include?(node.name)
+
+        # Try to get attributes using different methods depending on what's available
+        if node.respond_to?(:attribute_nodes)
+          # Use attribute_nodes if available (Nokogiri style)
+          check_attribute_nodes(node, context)
+        elsif node.respond_to?(:attributes)
+          # Fallback to attributes method (Moxml style)
+          check_attributes_hash(node, context)
+        end
+      end
+
+      private
+
+      def check_attribute_nodes(node, context)
+        node.attribute_nodes.each do |attr|
+          # Check if attribute has a namespace
+          namespace_uri = attr.namespace&.href
+          next unless namespace_uri
+
+          # Determine if this namespace is invalid based on configuration
+          invalid_namespace = if allowed_namespaces.empty?
+                                # Blacklist mode: disallowed namespaces are forbidden
+                                disallowed_namespaces.include?(namespace_uri)
+                              else
+                                # Whitelist mode: only allowed namespaces are permitted
+                                !allowed_namespaces.include?(namespace_uri)
+                              end
+
+          next unless invalid_namespace
+
+          # Get the full attribute name with prefix if available
+          attr_name = if attr.respond_to?(:namespace) && attr.namespace&.prefix
+                        "#{attr.namespace.prefix}:#{attr.name}"
+                      else
+                        attr.name
+                      end
+
+          context.add_error(
+            requirement_id: id,
+            message: "Element '#{node.name}' does not allow attributes with namespace '#{namespace_uri}'",
+            node: node,
+            severity: :error,
+            data: { attribute: attr_name, namespace: namespace_uri },
+          )
+        end
+      end
+
+      def check_attributes_hash(node, context)
+        return unless node.respond_to?(:attributes)
+
+        attributes = node.attributes
+
+        # Handle both Hash and Array cases
+        if attributes.respond_to?(:each_key)
+          # Hash case
+          attributes.each_key do |name|
+            check_attribute_name(name, node, context)
+          end
+        elsif attributes.respond_to?(:each)
+          # Array case - iterate over attribute objects
+          attributes.each do |attr|
+            check_moxml_attribute(attr, node, context)
+          end
+        end
+      end
+
+      def check_moxml_attribute(attr, node, context)
+        # For Moxml attributes, check if they have namespace information
+        if attr.respond_to?(:namespace) && attr.namespace
+          namespace_uri = if attr.namespace.respond_to?(:href)
+                            attr.namespace.href
+                          elsif attr.namespace.respond_to?(:uri)
+                            attr.namespace.uri
+                          else
+                            attr.namespace.to_s
+                          end
+
+          # Skip if no namespace URI
+          return unless namespace_uri && !namespace_uri.empty?
+
+          # Determine if this namespace is invalid based on configuration
+          invalid_namespace = if allowed_namespaces.empty?
+                                # Blacklist mode: disallowed namespaces are forbidden
+                                disallowed_namespaces.include?(namespace_uri)
+                              else
+                                # Whitelist mode: only allowed namespaces are permitted
+                                !allowed_namespaces.include?(namespace_uri)
+                              end
+
+          return unless invalid_namespace
+
+          # Get the full attribute name with prefix if available
+          attr_name = if attr.namespace.respond_to?(:prefix) && attr.namespace.prefix
+                        "#{attr.namespace.prefix}:#{attr.name}"
+                      else
+                        attr.name
+                      end
+
+          context.add_error(
+            requirement_id: id,
+            message: "Element '#{node.name}' does not allow attributes with namespace '#{namespace_uri}'",
+            node: node,
+            severity: :error,
+            data: { attribute: attr_name, namespace: namespace_uri },
+          )
+        else
+          # Fallback to name-based checking for attributes without namespace objects
+          name = attr.respond_to?(:name) ? attr.name : attr.to_s
+          check_attribute_name(name, node, context)
+        end
+      end
+
+      def check_attribute_name(name, node, context)
+        # Convert name to string if it's not already
+        name_str = name.to_s
+
+        # Check if this is a namespaced attribute by looking for colon in name
+        return unless name_str.include?(":")
+
+        prefix, = name_str.split(":", 2)
+
+        # Find the namespace URI for this prefix
+        namespace_uri = find_namespace_uri(node, prefix)
+
+        return unless namespace_uri
+
+        # Determine if this namespace is invalid based on configuration
+        invalid_namespace = if allowed_namespaces.empty?
+                              # Blacklist mode: disallowed namespaces are forbidden
+                              disallowed_namespaces.include?(namespace_uri)
+                            else
+                              # Whitelist mode: only allowed namespaces are permitted
+                              !allowed_namespaces.include?(namespace_uri)
+                            end
+
+        return unless invalid_namespace
+
+        context.add_error(
+          requirement_id: id,
+          message: "Element '#{node.name}' does not allow attributes with namespace '#{namespace_uri}'",
+          node: node,
+          severity: :error,
+          data: { attribute: name, namespace: namespace_uri },
+        )
+      end
+
+      def find_namespace_uri(node, prefix)
+        # Check current node's namespace definitions
+        current = node
+        while current.respond_to?(:parent)
+          if current.respond_to?(:namespace_definitions)
+            ns_def = current.namespace_definitions.find do |ns|
+              ns.prefix == prefix
+            end
+            if ns_def
+              return ns_def.uri if ns_def.respond_to?(:uri)
+              return ns_def.href if ns_def.respond_to?(:href)
+
+              return ns_def.to_s
+            end
+          end
+
+          # Check if it's defined as an attribute (xmlns:prefix)
+          xmlns_value = get_attribute(current, "xmlns:#{prefix}")
+          return xmlns_value if xmlns_value
+
+          # Move to parent, but break if parent is nil or doesn't respond to parent
+          begin
+            current = current.parent
+          rescue StandardError
+            break
+          end
+        end
+
+        nil
+      end
+    end
+  end
+end

data/lib/svg_conform/requirements/namespace_requirement.rb

@@ -0,0 +1,294 @@
+# frozen_string_literal: true
+
+require_relative "base_requirement"
+
+module SvgConform
+  module Requirements
+    # Validates that SVG documents have proper namespace declarations
+    class NamespaceRequirement < BaseRequirement
+      attribute :type, :string, default: -> { "NamespaceRequirement" }
+      attribute :allowed_namespaces, :string, collection: true, default: -> {
+        ["http://www.w3.org/2000/svg"]
+      }
+      attribute :disallowed_namespaces, :string, collection: true, default: -> {
+        []
+      }
+      attribute :required_namespace, :string, default: "http://www.w3.org/2000/svg"
+      attribute :allow_rdf_metadata, :boolean, default: false
+
+      # RDF-related namespaces commonly found in SVG metadata
+      RDF_NAMESPACES = [
+        "http://www.w3.org/1999/02/22-rdf-syntax-ns#",
+        "http://creativecommons.org/ns#",
+        "http://purl.org/dc/elements/1.1/",
+        "http://purl.org/dc/dcmitype/",
+        "http://www.w3.org/2000/01/rdf-schema#",
+      ].freeze
+
+      yaml do
+        map "id", to: :id
+        map "description", to: :description
+        map "type", to: :type
+        map "allowed_namespaces", to: :allowed_namespaces
+        map "disallowed_namespaces", to: :disallowed_namespaces
+        map "required_namespace", to: :required_namespace
+        map "allow_rdf_metadata", to: :allow_rdf_metadata
+      end
+
+      def validate_document(document, context)
+        root = document.root
+        return unless root
+
+        # Check if root element is svg
+        unless root.name == "svg"
+          context.add_error(
+            requirement: self,
+            node: root,
+            message: "Root element must be 'svg'",
+            data: { element_name: root.name },
+          )
+          return
+        end
+
+        # Check for SVG namespace - Moxml handles namespace differently
+        svg_namespace = nil
+
+        # Try to get namespace from Moxml's namespace method
+        if root.respond_to?(:namespace) && root.namespace
+          namespace_str = root.namespace.to_s
+          # Extract the URI from the namespace string like 'xmlns="http://www.w3.org/2000/svg"'
+          svg_namespace = ::Regexp.last_match(1) if namespace_str =~ /xmlns="([^"]+)"/
+        end
+
+        # Fallback to checking xmlns attribute
+        svg_namespace ||= get_attribute(root, "xmlns")
+
+        # Default namespace (empty string) should be treated as SVG namespace
+        svg_namespace = "" if svg_namespace.nil?
+
+        # Check against allowed namespaces if configured
+        if allowed_namespaces && !allowed_namespaces.empty? && !allowed_namespaces.include?(svg_namespace)
+          context.add_error(
+            requirement: self,
+            node: root,
+            message: "Namespace '#{svg_namespace}' is not allowed. Only #{allowed_namespaces.join(', ')} are permitted",
+            data: {
+              current_namespace: svg_namespace,
+              allowed_namespaces: allowed_namespaces,
+            },
+          )
+          return
+        end
+
+        # Check against disallowed namespaces if configured (legacy support)
+        if disallowed_namespaces && !disallowed_namespaces.empty? && disallowed_namespaces.include?(svg_namespace)
+          context.add_error(
+            requirement: self,
+            node: root,
+            message: "Namespace '#{svg_namespace}' is not allowed",
+            data: {
+              current_namespace: svg_namespace,
+              disallowed_namespaces: disallowed_namespaces,
+            },
+          )
+          return
+        end
+
+        # Default behavior: require SVG namespace
+        unless allowed_namespaces.empty? && disallowed_namespaces.empty?
+          # Now check all elements in the document for namespace violations
+          check_all_elements(document, context)
+          return
+        end
+
+        return if svg_namespace == "http://www.w3.org/2000/svg"
+
+        context.add_error(
+          requirement: self,
+          node: root,
+          message: "SVG namespace declaration missing or incorrect",
+          data: {
+            current_namespace: svg_namespace,
+            expected_namespace: "http://www.w3.org/2000/svg",
+          },
+        )
+
+        # Also check all elements for namespace violations
+        check_all_elements(document, context)
+      end
+
+      def check(node, context)
+        return unless element?(node)
+
+        # Debug: Check all elements
+        puts "DEBUG: Checking element: #{node.name}" if node.name.include?(":")
+
+        # Check if this element has a namespace
+        element_namespace = nil
+
+        # Try to get namespace from the element
+        if node.respond_to?(:namespace) && node.namespace
+          namespace_str = node.namespace.to_s
+          puts "DEBUG: namespace_str = #{namespace_str}" if node.name.include?(":")
+          # Extract the URI from the namespace string
+          element_namespace = ::Regexp.last_match(1) if namespace_str =~ /xmlns[^=]*="([^"]+)"/
+        end
+
+        # If no namespace found, check if element has a prefix (indicating it's namespaced)
+        if element_namespace.nil? && node.name.include?(":")
+          prefix = node.name.split(":").first
+          puts "DEBUG: Found prefixed element #{node.name}, prefix = #{prefix}"
+          element_namespace = find_namespace_uri_for_prefix(node, prefix)
+          puts "DEBUG: Found namespace URI = #{element_namespace}"
+        end
+
+        # Skip if no namespace (default SVG namespace)
+        if element_namespace.nil? || element_namespace.empty?
+          puts "DEBUG: Skipping #{node.name} - no namespace found" if node.name.include?(":")
+          return
+        end
+
+        puts "DEBUG: Element #{node.name} has namespace #{element_namespace}"
+
+        # Check against allowed namespaces if configured
+        # If allow_rdf_metadata is enabled, also allow RDF namespaces
+        effective_allowed_namespaces = allowed_namespaces
+        if allow_rdf_metadata
+          effective_allowed_namespaces = allowed_namespaces + RDF_NAMESPACES
+        end
+
+        if effective_allowed_namespaces && !effective_allowed_namespaces.empty? && !effective_allowed_namespaces.include?(element_namespace)
+          puts "DEBUG: Adding error for disallowed namespace #{element_namespace}"
+          context.add_error(
+            requirement_id: id,
+            message: "The namespace #{element_namespace} is not permitted for svg elements.",
+            node: node,
+            severity: :error,
+            data: {
+              element_name: node.name,
+              namespace: element_namespace,
+              allowed_namespaces: effective_allowed_namespaces,
+            },
+          )
+          return
+        end
+
+        # Check against disallowed namespaces if configured
+        return unless disallowed_namespaces && !disallowed_namespaces.empty? && disallowed_namespaces.include?(element_namespace)
+
+        puts "DEBUG: Adding error for explicitly disallowed namespace #{element_namespace}"
+        context.add_error(
+          requirement_id: id,
+          message: "The namespace #{element_namespace} is not permitted for svg elements.",
+          node: node,
+          severity: :error,
+          data: {
+            element_name: node.name,
+            namespace: element_namespace,
+            disallowed_namespaces: disallowed_namespaces,
+          },
+        )
+      end
+
+      private
+
+      def check_all_elements(document, context)
+        # Recursively check all elements in the document
+        traverse_elements(document.root, context)
+      end
+
+      def traverse_elements(node, context)
+        return unless node
+
+        # Check this element
+        check_element_namespace(node, context) if element?(node)
+
+        # Recursively check children
+        if node.respond_to?(:children)
+          node.children.each { |child| traverse_elements(child, context) }
+        elsif node.respond_to?(:elements)
+          node.elements.each { |child| traverse_elements(child, context) }
+        end
+      end
+
+      def check_element_namespace(node, context)
+        return unless element?(node)
+
+        # Check if this element has a namespace
+        element_namespace = nil
+
+        # Try to get namespace from the element
+        if node.respond_to?(:namespace) && node.namespace
+          namespace_str = node.namespace.to_s
+          # Extract the URI from the namespace string
+          element_namespace = ::Regexp.last_match(1) if namespace_str =~ /xmlns[^=]*="([^"]+)"/
+        end
+
+        # If no namespace found, check if element has a prefix (indicating it's namespaced)
+        if element_namespace.nil? && node.name.include?(":")
+          prefix = node.name.split(":").first
+          element_namespace = find_namespace_uri_for_prefix(node, prefix)
+        end
+
+        # Skip if no namespace (default SVG namespace)
+        return if element_namespace.nil? || element_namespace.empty?
+
+        # Check against allowed namespaces if configured
+        # If allow_rdf_metadata is enabled, also allow RDF namespaces
+        effective_allowed_namespaces = allowed_namespaces
+        if allow_rdf_metadata
+          effective_allowed_namespaces = allowed_namespaces + RDF_NAMESPACES
+        end
+
+        if effective_allowed_namespaces && !effective_allowed_namespaces.empty? && !effective_allowed_namespaces.include?(element_namespace)
+          context.add_error(
+            requirement_id: id,
+            message: "The namespace #{element_namespace} is not permitted for svg elements.",
+            node: node,
+            severity: :error,
+            data: {
+              element_name: node.name,
+              namespace: element_namespace,
+              allowed_namespaces: effective_allowed_namespaces,
+            },
+          )
+          return
+        end
+
+        # Check against disallowed namespaces if configured
+        return unless disallowed_namespaces && !disallowed_namespaces.empty? && disallowed_namespaces.include?(element_namespace)
+
+        context.add_error(
+          requirement_id: id,
+          message: "The namespace #{element_namespace} is not permitted for svg elements.",
+          node: node,
+          severity: :error,
+          data: {
+            element_name: node.name,
+            namespace: element_namespace,
+            disallowed_namespaces: disallowed_namespaces,
+          },
+        )
+      end
+
+      def find_namespace_uri_for_prefix(node, prefix)
+        # Check current node and ancestors for namespace declarations
+        current = node
+        while current
+          # Check for xmlns:prefix attribute
+          xmlns_attr = "xmlns:#{prefix}"
+          return current.attributes[xmlns_attr] if current.respond_to?(:attributes) && current.attributes[xmlns_attr]
+
+          # Check using get_attribute method
+          namespace_uri = get_attribute(current, xmlns_attr)
+          return namespace_uri if namespace_uri
+
+          # Move to parent
+          current = current.respond_to?(:parent) ? current.parent : nil
+        end
+
+        nil
+      end
+    end
+  end
+end

data/lib/svg_conform/requirements/no_external_css_requirement.rb

@@ -0,0 +1,132 @@
+# frozen_string_literal: true
+
+require_relative "base_requirement"
+
+module SvgConform
+  module Requirements
+    # Validates that no external CSS references are present
+    class NoExternalCssRequirement < BaseRequirement
+      attribute :type, :string, default: -> { "NoExternalCssRequirement" }
+      attribute :check_style_elements, :boolean, default: true
+      attribute :check_style_attributes, :boolean, default: true
+      attribute :check_link_elements, :boolean, default: true
+      attribute :allowed_protocols, :string, collection: true
+
+      yaml do
+        map "id", to: :id
+        map "description", to: :description
+        map "type", to: :type
+        map "check_style_elements", to: :check_style_elements
+        map "check_style_attributes", to: :check_style_attributes
+        map "check_link_elements", to: :check_link_elements
+        map "allowed_protocols", to: :allowed_protocols
+      end
+
+      def check(node, context)
+        return unless element?(node)
+
+        case node.name
+        when "style"
+          check_style_element(node, context) if check_style_elements
+        when "link"
+          check_link_element(node, context) if check_link_elements
+        else
+          check_style_attribute(node, context) if check_style_attributes
+        end
+      end
+
+      def should_check_node?(node, context = nil)
+        return false unless element?(node)
+        return false if context&.node_structurally_invalid?(node)
+
+        node.name == "style" ||
+          node.name == "link" ||
+          has_style_attribute?(node)
+      end
+
+      private
+
+      def check_style_element(node, context)
+        # Check for @import rules in style elements
+        content = node.text || ""
+
+        if content =~ /@import\s+url\s*\(\s*['"]?([^'")\s]+)['"]?\s*\)/i
+          url = ::Regexp.last_match(1)
+          unless allowed_url?(url)
+            context.add_error(
+              requirement_id: id,
+              message: "External CSS import not allowed: #{url}",
+              node: node,
+              severity: :error,
+            )
+          end
+        end
+
+        return unless content =~ /@import\s+['"]([^'"]+)['"]/i
+
+        url = ::Regexp.last_match(1)
+        return if allowed_url?(url)
+
+        context.add_error(
+          requirement_id: id,
+          message: "External CSS import not allowed: #{url}",
+          node: node,
+          severity: :error,
+        )
+      end
+
+      def check_link_element(node, context)
+        rel = get_attribute(node, "rel")
+        href = get_attribute(node, "href")
+
+        return unless rel&.downcase == "stylesheet" && href
+
+        return if allowed_url?(href)
+
+        context.add_error(
+          requirement_id: id,
+          message: "External CSS link not allowed: #{href}",
+          node: node,
+          severity: :error,
+        )
+      end
+
+      def check_style_attribute(node, context)
+        style_value = get_attribute(node, "style")
+        return unless style_value
+
+        # Check for url() references in style attributes
+        return unless style_value =~ /url\s*\(\s*['"]?([^'")\s]+)['"]?\s*\)/i
+
+        url = ::Regexp.last_match(1)
+        return if allowed_url?(url)
+
+        context.add_error(
+          requirement_id: id,
+          message: "External URL reference in style attribute not allowed: #{url}",
+          node: node,
+          severity: :error,
+        )
+      end
+
+      def has_style_attribute?(node)
+        !get_attribute(node, "style").nil?
+      end
+
+      def allowed_url?(url)
+        return true if url.nil? || url.empty?
+
+        # Data URLs are typically allowed
+        return true if url.start_with?("data:")
+
+        # Fragment identifiers (internal references) are allowed
+        return true if url.start_with?("#")
+
+        # Check against allowed protocols
+        return false if allowed_protocols.nil? || allowed_protocols.empty?
+
+        allowed_protocols.any? { |protocol| url.start_with?("#{protocol}:") }
+      end
+    end
+  end
+end