search

json-schema-org / json-schema-spec

The JSON Schema specification
http://json-schema.org/
Other
3.82k stars 266 forks source link

Json Schema allowing additional properties even though additionalProperties is set to false #1243

Closed StratusBase closed 2 years ago

StratusBase commented 2 years ago

Given the following schema:

export const MESSAGE_SCHEMA = {
  additionalProperties: false,
  type: 'object',
  properties: {
    comment: { type: 'string' },
    startAt: { type: 'string' },
    states: {
      type: 'object',
      minProperties: 1,
      patternProperties: {
        "^[A-Za-z]+[A-Za-z0-9 ]{0,127}$": {
          type: 'object',
          properties: {
            type: { type: 'string', enum: TASK_TYPES_ALL_ENUM },
            next: { type: 'string' },
            end: { type: 'boolean' },
            choices: {
              type: 'array',
              items: {
                type: 'object'
              },
              minItems: 2
            },
            default: { type: 'string' },
            error: { type: 'string' },
            cause: { type: 'string' },
            resource: { type: 'string' },
          },
          required: ['type'],
          allOf: [
            // Make choices required if task type = 'choice'
            {
              if: {
                properties: { type: { const: TASK_TYPE_CHOICE } }
              },
              then: {
                required: ['type', 'choices']
              }
            }
          ]
        }
      },
      additionalProperties: false
    }
  },
  required: ['startAt','states']
};

If I send a payload into my API with a key within the "states" object that doesn't match the pattern, it always allows the request... The behavior as I understood should prevent this with the properties / patternProperties + additionalProperties = false, but this is not the case...

For example - this should error since the pattern does not match and no additional properties are allowed, but I get a response from the API as though it was validated successfully:

{
    "eventNamespace": "state",
    "eventType": "transition",
    "payload": {
        "foo": "bar"
    },
    "message": {
        "startAt": "foo",
        "states": {
            "!#@^@^": {
                "type": "choice",
                "choices": []
            }
        }
    }
}

If I then put a value that matches the pattern, I get a validation failure (as expected):

{
    "eventNamespace": "state",
    "eventType": "transition",
    "payload": {
        "foo": "bar"
    },
    "message": {
        "startAt": "foo",
        "states": {
            "valid property example": {
                "type": "choice",
                "choices": []
            }
        }
    }
}

Response:

{
    "statusCode": 400,
    "error": "Bad Request",
    "message": "body/message/states/valid property example/choices must NOT have fewer than 2 items"
}
gregsdennis commented 2 years ago

Your StackOverflow question already has an answer.

Please be aware that we track json-schema questions on that forum and generally answer fairly quickly.

StratusBase commented 2 years ago

@gregsdennis The SO answer you're referring to was to create a bug report...

I suggest you open a bug report for the implementation you are using.

karenetheridge commented 2 years ago

This repository is for the specification itself. We don't control the implementations.

StratusBase commented 2 years ago

Ah, yep. My bad! Rushing :D