schema with error can be used for validation #399

ghost · 2018-04-17T10:02:31Z

Schema with mistake loads without throwing any error, and errors doesn't get recognized untils there's an instance being validated against it.

schema = {
  "$schema": "http://json-schema.org/draft-04/schema#",
  "type": "object",
  "required": [
    "foo"
  ],
  "properties": {
    "foo": {
      "$ref": "#/definitions/FooFoo"
    }
  },
  "definitions": {
    "Foo": {
      "type": "object",
      "required": [
        "bar"
      ],
      "properties": {
        "bar": {
          "type": "string"
        }
      }
    }
  }
}

Draft4Validator(schema).validate({})  #Throws validation error
Draft4Validator(schema).validate({"foo": {"bar": "baz"}}) #Throws RefResolutionError

The text was updated successfully, but these errors were encountered:

Julian · 2018-04-18T11:29:55Z

Hi.

This is more or less intended behavior.

$ref loading is lazy, so until it's looked up, there's no error, and the spec doesn't say that schemas with invalid refs are invalid (which would be essentially impossible to do for any $ref that is remote).

Also note that even besides this particular issue, passing a schema to a validator doesn't validate it. If you are unsure it's valid, you need to call check_schema on it.

ghost · 2018-04-18T12:29:08Z

@Julian thanks for comment.

I'm trying to build an application where it first accepts jsonschema, and then incoming json data is validated against this schema.

I wanted to fail in the first step, where if schema is invalid, e.g. ref doesn't exists, fail and return appropriate error. check_schema doesn't return errors in this case.

Julian · 2018-04-18T12:48:30Z

In that case I'd recommend catching the RefResolutionError -- you're going to need to do something similar for the case where there's a remote schema there and somehow the network fails while retrieving it.

Alternatively, there are I believe some libraries (on top of this one) that will essentially de-reference a schema ahead of time, so you could try one of those, and run it on the schema right after you get it, which should give you an immediate error.

Note by the way that accepting arbitrary JSON schemas from untrusted users isn't safe without sandboxing by the way.

fc05651cc Merge pull request #409 from Stranger6667/dd/add-jsonschema-rs 5f1575a93 Add Rust `jsonschema` crate 2bf95beec Merge pull request #407 from fisxoj/master 9ae956b21 Add common lisp implementation to the list d4ffd569b Merge pull request #401 from json-schema-org/ether/format-uuid 2d6c45711 tests for the "uuid" format 08f6cdaff Merge pull request #400 from json-schema-org/ether/more-format-ipv6 d3064eb3a some more tests for the "ipv6" format 1f34d3321 Merge pull request #399 from json-schema-org/ether/more-format-idn-email 22adda78c also test the "email" inputs against "idn-email" 25598a3b4 Merge pull request #392 from rjmill/rjmill/test-prop-named-ref-containing-a-ref 8dfa8adc9 Merge pull request #380 from ChALkeR/fix-ecmascript-regex d595dbf9d backport $ref cases, changing "$defs" to "definitions" ca8319c9e Fix \W test description 452b5f8f4 Test property named $ref, containing an actual $ref a01ae5404 Fix ECMA 262 regex whitespace tests. git-subtree-dir: json git-subtree-split: fc05651cce3889975f8dbcca38c203d6a396694b

Julian closed this as completed Apr 18, 2018

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

schema with error can be used for validation #399

schema with error can be used for validation #399

ghost commented Apr 17, 2018 •

edited by ghost

Loading

Julian commented Apr 18, 2018

ghost commented Apr 18, 2018

Julian commented Apr 18, 2018

schema with error can be used for validation #399

schema with error can be used for validation #399

Comments

ghost commented Apr 17, 2018 • edited by ghost Loading

Julian commented Apr 18, 2018

ghost commented Apr 18, 2018

Julian commented Apr 18, 2018

ghost commented Apr 17, 2018 •

edited by ghost

Loading