search

hyperjump-io / json-schema

JSON Schema Validation, Annotation, and Bundling. Supports Draft 04, 06, 07, 2019-09, 2020-12, OpenAPI 3.0, and OpenAPI 3.1
https://json-schema.hyperjump.io/
MIT License
216 stars 22 forks source link

Invalid JSON schema has passed check #40

Closed xiaoxiangmoe closed 8 months ago

xiaoxiangmoe commented 10 months ago

https://json-schema.hyperjump.io/

schema

{
  "$id": "https://json-schema.hyperjump.io/schema",
  "$schema": "https://json-schema.org/draft/2020-12/schema",
  "$defs": {
    "Foo": {
      "Bar": {
        "type": "boolean"
      }
    }
  },
  "$ref": "#/$defs/Foo/Bar"
}

instance 

true
image

All check passed

But see https://datatracker.ietf.org/doc/html/draft-bhutton-json-schema-00

The "$defs" keyword reserves a location for schema authors to inline re-usable JSON Schemas into a more general schema. The keyword does not directly affect the validation result.

This keyword's value MUST be an object. Each member value of this object MUST be a valid JSON Schema.

But the object { "Bar": { "type": "boolean" } } not seems to be a valid JSON Schema.

jdesrosiers commented 10 months ago

That is technically a valid schema. In JSON Schema, unknown keywords are ignored. This allows for extension, but can also result in confusing cases like this one. So, what's happening is that Bar is being interpreted as an unknown schema keyword and everything under Bar is getting ignored. Given that Bar is ignored, it might seem strange that you can successfully reference it. There's another quirk of JSON Schema that anything you reference will be interpreted as a schema. So even though from $defss perspective, Bar (and its value) is ignored, it's still considered a schema because it was referenced using $ref.

So, as odd as it seems, this is actually the correct behavior. However, in the next version of JSON Schema, unknown keywords will no longer be allowed and ignored and an issue like this will be considered an error.