google / cap-library

Common Alerting Protocol Library
Apache License 2.0
84 stars 26 forks source link

Validation does not enforce cases where "addresses" and "restriction" are required #36

Open sschiavoni opened 10 years ago

sschiavoni commented 10 years ago

Original issue 37 created by shakusa@google.com on 2012-12-20T14:54:51.000Z:

From Eliot Christian:

The CAP standard data dictionary states that the "addresses" element and the "restriction" element are each conditional. The "addresses" element is required if the "scope" element contains "Private". The "restriction" element is required if "scope" element is "Restricted".

The Google CAP validator does not enforce these validation rules as I had expected. A result of "Valid" is returned when the "scope" is "Public" or "Restricted" or "Private", even when there is not an "addresses" element or there is not a "restriction" element. Yet, if "scope" is "Public" or "Private" and the "restriction" element is present, the validator reports "<restriction> should be used only when <scope> is Restricted". Oddly, there is no corresponding flagging on the "addresses" element only when scope is "Private".

My own impression is that the rules require that the "restriction" element is present when the "scope" is "Restricted", and that the "addresses" element is present when the "scope" is "Private". It seems to me the data dictionary is silent regarding the validity of a "restriction" element when the scope is not "Restricted", and it is silent regarding the validity of having an "addresses" element when the "scope" is not "Private".

sschiavoni commented 10 years ago

Comment #1 originally posted by shakusa@google.com on 2012-12-20T14:55:59.000Z:

The fix belongs right around here: http://code.google.com/p/cap-library/source/browse/java/src/com/google/publicalerts/cap/CapValidator.java#&nbsp;110

sschiavoni commented 10 years ago

Comment #2 originally posted by shakusa@google.com on 2012-12-20T22:02:15.000Z:

At 08:22 AM 12/20/2012, Gary Ham wrote: Elliot,

The rule should work this way:

is ALLOWED for Public, Restricted, or Private and REQUIRED for Private. is REQUIRED for restricted and disallowed otherwise. In CAP 1.1 was the same type of conditional as . CAP 1.2 changed to allow any time, but did not change the requirement to use for Private alerts. Just to set the record straight.