eliangcs
commented
4 months ago @kreddlear I suppose we need to make the same change for SearchesSchema? It doesn't have additionalProperties: false either.
Closed kreddlear closed 4 months ago
eliangcs
commented
4 months ago @kreddlear I suppose we need to make the same change for SearchesSchema? It doesn't have additionalProperties: false either.
kreddlear
commented
4 months ago Good catch! It looks like
CreatesSchemahas been always like this (withoutadditionalProperties: false) since the initial commit 8 years ago. 🤯
Yes, this blew my mind!
I suppose we need to make the same change for SearchesSchema? It doesn't have additionalProperties: false either.
@eliangcs Great catch. I've gone through all the other schemas, and updated a few others with type: object to also have that additionalProperties: false as well where it seems potentially problematic.
FYI there are some others that don't have it, but also that don't seem problematic, so I left them as-is. Those are:
additionalProperties: falseHappy to update them if you think that's best for safety though!
kreddlear
commented
4 months ago @rnegron I was trying to figure this out as well! I think since we don't want to and didn't intend to support it, it likely wouldn't be "practically breaking".
I think that's further supported by the fact that apparently these actions aren't actually usable in Zaps, so I don't think there would actually be anything to break, if that makes sense.
We currently have 2 tickets that have come up, reporting action keys that should be invalid:
I reproduced this issue via CLI, confirming it is currently possible to have an action with a
keythat's invalid (for example,3create_tagorcreate_order:test) per the KeySchema and per the CreatesSchemapatternProperties.The cause seems to be that the library we're using,
jsonschema, expects us to setadditionalProperties: falseif we want all properties that don't match thepatternPropertiesregex to be rejected.TriggersSchemahas this already, as doesSearchOrCreatesSchemaand most of the other schemas.This MR adds that
additionalProperties: falseto theCreatesSchemaso that invalid action keys will be properly rejected. It also adds a test to confirm this new behavior, and improves the other existing tests so that it's clearer what the errors that come up should be.One downside: Ideally, when a dev tried to submit a trigger/action with an invalid key, we would surface the error
instance.creates.tag_create.key does not match pattern "^[a-zA-Z]+[a-zA-Z0-9_]*$"'to make it clear what the issue is. However,jsonschemadoesn't seem to have a way to error on bad property names - it just rejects them entirely viaadditionalProperties: false. So the current error users will see isinstance.creates additionalProperty "3contact_by_tag" exists in instance when not allowed, which is not super clear, but better than allowing it to be uploaded.