From 61d2d3a45eb022e814d67403271a121e56f51e22 Mon Sep 17 00:00:00 2001
From: Al Snow <43523+jasnow@users.noreply.github.com>
Date: Sat, 13 Jun 2026 11:21:52 -0400
Subject: [PATCH 1/2] Tighten json schema advisory checks
---
 spec/schemas/gem.json | 13 ++++++++++++-
 spec/schemas/ruby.json | 9 ++++++++-
 2 files changed, 20 insertions(+), 2 deletions(-)
diff --git a/spec/schemas/gem.json b/spec/schemas/gem.json
index e4fabe7934..99b8f0a303 100644
--- a/spec/schemas/gem.json
+++ b/spec/schemas/gem.json
@@ -3,6 +3,10 @@
 "$id": "https://github.com/rubysec/ruby-advisory-db/schemas/gem.json",
 "title": "Ruby gem advisory",
 "type": "object",
+ "properties": {},
+ "patternProperties": {
+ "^(?!engine$).*": {}
+ },
 "additionalProperties": false,
 "required": ["gem", "url", "title", "date", "description"],
 "anyOf": [
@@ -11,20 +15,27 @@
 { "required": ["ghsa"] }
 ],
 "properties": {
+ "engine": {
+ "type": "string",
+ "enum": ["ruby", "jruby", "mruby", "mrubyc", "rbx", "truffleruby"]
+ },
 "gem": {
 "type": "string",
 "minLength": 1
 },
 "library": {
 "type": "string",
+ "pattern": "rubygems",
 "minLength": 1
 },
 "framework": {
 "type": "string",
+ "pattern": "rails",
 "minLength": 1
 },
 "platform": {
 "type": "string",
+ "pattern": "jruby",
 "minLength": 1
 },
 "cve": {
@@ -57,8 +68,8 @@
 "description": {
 "type": "string",
 "minLength": 1,
+ "pattern": "\\n",
 "allOf": [
- { "pattern": "\\n" },
 { "not": { "pattern": "\\\\n\\\\n" } },
 { "not": { "pattern": "(#+) PoC" } }
 ]
diff --git a/spec/schemas/ruby.json b/spec/schemas/ruby.json
index 0fd0747f90..a40a2c7105 100644
--- a/spec/schemas/ruby.json
+++ b/spec/schemas/ruby.json
@@ -3,6 +3,12 @@
 "$id": "https://github.com/rubysec/ruby-advisory-db/schemas/ruby.json",
 "title": "Ruby implementation advisory",
 "type": "object",
+ "properties": {},
+ "patternProperties": {
+ "^(?!gem$).*": {},
+ "^(?!library$).*": {},
+ "^(?!framework$).*": {}
+ },
 "additionalProperties": false,
 "required": ["engine", "url", "title", "date", "description"],
 "anyOf": [
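Review bot: The added `"patternProperties": { "^(?!engine$).*": {} }` matches every property name except `engine`, so no key ever falls through to `"additionalProperties": false` and a misspelled key such as `tittle` now validates; the three wildcard patterns added to ruby.json in hunk `@@ -3,6 +3,12 @@` have the same effect. The added `"properties": {}` also duplicates the existing top-level `"properties"` key that appears as context in the next hunk, which RFC 8259 leaves unspecified and I-JSON forbids, so which object is applied depends on the parser. Under last-wins parsing the `engine` entry this patch adds to the real `properties` object is accepted anyway, so the lookahead changes nothing for that key. If the intent is to reject `engine` in gem advisories, drop both additions and add `"not": { "required": ["engine"] }` at the top level, leaving the existing `additionalProperties: false` to reject everything not listed.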
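Review bot: `"pattern": "rubygems"`, `"pattern": "rails"` and `"pattern": "jruby"` are unanchored substring matches, so `library: "notrubygems"` or `platform: "jruby-legacy"` pass while the neighbouring `engine` field gets an exact `enum`; ruby.json's `platform` in hunk `@@ -17,6 +23,7 @@` has the same shape. If these fields are meant to hold one fixed value, use the same mechanism as `engine`, e.g. `"enum": ["rubygems"]`, which also makes the sibling `"minLength": 1` redundant; if a prefix is intended, anchor it with `^`. The enclosing `properties` object continues past the end of the hunk.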
@@ -17,6 +23,7 @@
 },
 "platform": {
 "type": "string",
+ "pattern": "jruby",
 "minLength": 1
 },
 "cve": {
@@ -49,8 +56,8 @@
 "description": {
 "type": "string",
 "minLength": 1,
+ "pattern": "\\n",
 "allOf": [
- { "pattern": "\\n" },
 { "not": { "pattern": "\\\\n\\\\n" } },
 { "not": { "pattern": "(#+) PoC" } }
 ]
From f9e94d601c1a13d5a0717dadb3a29f3fa711d444 Mon Sep 17 00:00:00 2001
From: Al Snow <43523+jasnow@users.noreply.github.com>
Date: Mon, 15 Jun 2026 12:27:49 -0400
Subject: [PATCH 2/2] Refine pattern validation for description field
Updated the pattern for the description field to enforce specific line and length constraints.
---
 spec/schemas/gem.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/spec/schemas/gem.json b/spec/schemas/gem.json
index 99b8f0a303..0d5a0a2f15 100644
--- a/spec/schemas/gem.json
+++ b/spec/schemas/gem.json
@@ -68,7 +68,7 @@
 "description": {
 "type": "string",
 "minLength": 1,
- "pattern": "\\n",
+ "pattern": "^(?=.*\\n)(?:[^\\n]{1,150})(?:\\n[^\\n]{1,150})*$",
 "allOf": [
 { "not": { "pattern": "\\\\n\\\\n" } },
 { "not": { "pattern": "(#+) PoC" } }
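Review bot: The new `pattern` admits no empty line and no trailing newline, because every segment is `[^\\n]{1,150}` and the match must end at `$`, so under the ECMA-262 semantics JSON Schema specifies a description that keeps the final newline of a YAML `|` block scalar or separates paragraphs with a blank line is rejected; under Ruby's line-oriented `^`/`$` the same pattern instead matches any single 1–150-character line followed by a newline, making the check close to vacuous. Which regex semantics the validator applies is not visible here, so I would run the schema against the existing advisories before merging. The `(?=.*\\n)` lookahead is redundant once the continuation group is repeated with `+`, so an equivalent form that tolerates one trailing newline is `"pattern": "^[^\\n]{1,150}(?:\\n[^\\n]{1,150})+\\n?$"`. ruby.json's `description` (hunk `@@ -49,8 +56,8 @@` in PATCH 1/2) keeps the old `"pattern": "\\n"`, so the two schemas now diverge; apply the same constraint there if it is meant for every advisory.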