From 9e145eb530f37cc9e3c4eaad48b934e24bd40b85 Mon Sep 17 00:00:00 2001
From: Mathis Raguin <mathis.raguin@gitguardian.com>
Date: Tue, 19 Aug 2025 12:34:49 +0200
Subject: [PATCH] fix(util/jsonschema): use loader to load HTTP/HTTPS
 definitions

Signed-off-by: Mathis Raguin <mathis.raguin@gitguardian.com>
---
 pkg/chart/v2/util/jsonschema.go | 39 +++++++++++++++++++++++++++++++++
 1 file changed, 39 insertions(+)

diff --git a/pkg/chart/v2/util/jsonschema.go b/pkg/chart/v2/util/jsonschema.go
index 820e5953a..9a5e787d8 100644
--- a/pkg/chart/v2/util/jsonschema.go
+++ b/pkg/chart/v2/util/jsonschema.go
@@ -22,12 +22,44 @@ import (
 	"fmt"
 	"log/slog"
 	"strings"
+	"net/http"
+	"crypto/tls"
+	"time"
 
 	"github.com/santhosh-tekuri/jsonschema/v6"
 
 	chart "helm.sh/helm/v4/pkg/chart/v2"
 )
 
+type HTTPURLLoader http.Client
+
+func (l *HTTPURLLoader) Load(url string) (any, error) {
+	client := (*http.Client)(l)
+	resp, err := client.Get(url)
+	if err != nil {
+		return nil, err
+	}
+	if resp.StatusCode != http.StatusOK {
+		_ = resp.Body.Close()
+		return nil, fmt.Errorf("%s returned status code %d", url, resp.StatusCode)
+	}
+	defer resp.Body.Close()
+
+	return jsonschema.UnmarshalJSON(resp.Body)
+}
+
+func newHTTPURLLoader(insecure bool) *HTTPURLLoader {
+	httpLoader := HTTPURLLoader(http.Client{
+		Timeout: 15 * time.Second,
+	})
+	if insecure {
+		httpLoader.Transport = &http.Transport{
+			TLSClientConfig: &tls.Config{InsecureSkipVerify: true},
+		}
+	}
+	return &httpLoader
+}
+
 // ValidateAgainstSchema checks that values does not violate the structure laid out in schema
 func ValidateAgainstSchema(chrt *chart.Chart, values map[string]interface{}) error {
 	var sb strings.Builder
@@ -71,7 +103,14 @@ func ValidateAgainstSingleSchema(values Values, schemaJSON []byte) (reterr error
 	}
 	slog.Debug("unmarshalled JSON schema", "schema", schemaJSON)
 
+	loader := jsonschema.SchemeURLLoader{
+		"file":  jsonschema.FileLoader{},
+		"http":  newHTTPURLLoader(false),
+		"https": newHTTPURLLoader(false),
+	}
+
 	compiler := jsonschema.NewCompiler()
+	compiler.UseLoader(loader)
 	err = compiler.AddResource("file:///values.schema.json", schema)
 	if err != nil {
 		return err