ocsf-server
ocsf-server copied to clipboard
ocsf
Validation of schema using API is incorrect
I've been attempting to validate my "api_activity" event object using the OCSF swagger API and it keeps reporting that "api" is an "undefined attribute name". Removing it reports no error (though API is a required object). I think there is a bug in the validation endpoint. Steps to reproduce:
- Go to https://schema.ocsf.io/doc/index.html
- Go to "/sample/classes/{name}" and enter "api_activity" in the "Class name" text box. Click "Execute"
- Copy result
- Go to "/api/validate" and copy the result and click execute
This, for me, resulted in the sample schema failing validation.
When generating a sample event you should specify what profiles should be used. Otherwise, the generated event will use all applicable profiles and it will not add the metadata.profiles attribute, which will cause the validation to fail.
Also, if you don't want to use any profiles, then you can have a blank item:
Regardless of profiles, validation still fails because it does not recognize "api" as a valid attribute, even though it is.
The api is defined in the cloud profile, therefore you have to use metadata.profiles = ["cloud"] in the event data.
Just getting back to this. The API activity class defines "API Details" as a required object. The "cloud" profile only defines "api" as optional. Furthermore, the cloud profile also requires the use of the "cloud" object which I have no use for in my application.
It appears, to me, that the "API Details" object is required for this class regardless of the presence of the cloud profile. In fact the schema (https://github.com/ocsf/ocsf-schema/blob/9608805fe0b61035cb821bb9068096fe47fed12d/events/application/api.json#L28-L32) states that "api" is required with "profile" being null.
Also if "api" is only supposed to be present in the "cloud" profile, then the server still has a bug in it because it's showing "api" even when the "cloud" profile isn't selected.