santhosh-tekuri / jsonschema

JSONSchema (draft 2020-12, draft 2019-09, draft-7, draft-6, draft-4) Validation using Go
Apache License 2.0

root-level oneOf not handled proper - validates against all types #195

Closed justinfx closed 2 weeks ago

justinfx commented 2 weeks ago

I just wanted to start by saying after trying a few different jsonschema validation libraries, yours has been the closest to handling my particular schema correctly.

Given the following jsonschema: https://github.com/argoproj/argo-events/blob/master/api/jsonschema/schema.json

It uses a top level object that is a oneOf of 3 possible types:

...
  "oneOf": [
    {
      "$ref": "#/definitions/io.argoproj.events.v1alpha1.EventBus"
    },
    {
      "$ref": "#/definitions/io.argoproj.events.v1alpha1.EventSource"
    },
    {
      "$ref": "#/definitions/io.argoproj.events.v1alpha1.Sensor"
    }
  ],
  "type": "object"
}

And then the following yaml input:

apiVersion: argoproj.io/v1alpha1
kind: EventSource
metadata:
  name: name
spec:
  BADFIELD: true
  nats:
    example:
      url: host:1234
      jsonBody: true
      subject: a.b.c
      tls:
        # should be bool
        insecureSkipVerify: [] 

I get the following output:

schema schemas/argo-events.json: ok

instance eventsource.yaml: failed
jsonschema validation failed with 'file:///schemas/argo-events.json#'
- at '': oneOf failed, none matched
  - at '/kind': value must be 'EventBus'
  - at '/spec/nats/example/tls/insecureSkipVerify': got array, want boolean
  - at '': validation failed
    - at '/kind': value must be 'Sensor'
    - at '/spec': missing properties 'dependencies', 'triggers'

The validation about insecureSkipVerify is spot on. However, given that the top level oneOf says it could be one of 3 different types, it seems to be validating against all 3 instead of just the EventSource kind.

Bonus points, it doesn't seem to catch undefined fields, like "BADFIELD".

santhosh-tekuri commented 2 weeks ago

insecureSkipVerify must be boolean as per the schema; see Line 4204.

oneOf validates against all subschemas and checks that it validates with exactly one subschema.

kind is a user-defined field. From the schema's point of view, it is not treated as a switch.

santhosh-tekuri commented 2 weeks ago

If you want an error on undefined fields, you should use additionalProperties: false in your schema.
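The behaviour discussed in this thread, as an added example that is not part of the thread and not the library's code: a standard-library-only toy evaluator shows that oneOf evaluates every branch, that reading `kind` first narrows the report to one type, and that `additionalProperties: false` rejects `BADFIELD`. The schema and instance are constructed, heavily reduced stand-ins, and the names `schemaJSON`, `instanceJSON`, `load`, `validate` and `check` are hypothetical.

```go
package main

import (
	"encoding/json"
	"fmt"
)

// Constructed, heavily reduced stand-ins for the schema and YAML in the issue.
const schemaJSON = `{"oneOf":[{"properties":{"kind":{"const":"EventBus"}}},
 {"properties":{"kind":{"const":"EventSource"},"spec":{"additionalProperties":false,
  "properties":{"insecureSkipVerify":{"type":"boolean"}}}}},{"properties":{"kind":{"const":"Sensor"}}}]}`
const instanceJSON = `{"kind":"EventSource","spec":{"BADFIELD":true,"insecureSkipVerify":[]}}`
func load(s string) (m map[string]any) { json.Unmarshal([]byte(s), &m); return }

// validate is a toy evaluator (const, boolean type, properties, additionalProperties:false), not the library's code.
func validate(s map[string]any, v any, path string) (errs []string) {
	if c, ok := s["const"]; ok && c != v {
		errs = append(errs, fmt.Sprintf("%s: value must be %v", path, c))
	}
	if _, isBool := v.(bool); s["type"] == "boolean" && !isBool {
		errs = append(errs, path+": want boolean")
	}
	obj, _ := v.(map[string]any)
	props, _ := s["properties"].(map[string]any)
	for name, child := range obj {
		if sub, known := props[name].(map[string]any); known {
			errs = append(errs, validate(sub, child, path+"/"+name)...)
		} else if s["additionalProperties"] == false {
			errs = append(errs, path+"/"+name+": additional property not allowed")
		}
	}
	return errs
}

// check counts passing oneOf branches (all are evaluated) and keeps the errors of the branch whose kind matches.
func check(root, inst map[string]any) (matches int, forKind []string) {
	for _, b := range root["oneOf"].([]any) {
		br := b.(map[string]any)
		errs := validate(br, inst, "")
		if len(errs) == 0 {
			matches++
		}
		if k, _ := br["properties"].(map[string]any)["kind"].(map[string]any); k["const"] == inst["kind"] {
			forKind = errs
		}
	}
	return matches, forKind
}

func main() { fmt.Println(check(load(schemaJSON), load(instanceJSON))) }
```

Without `additionalProperties: false` on `spec`, the `BADFIELD` entry would pass silently, which matters when a misspelled security setting is meant to be enforced.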