json-schema
Falsely validating against schema with `oneOf` key
Summary
The validator is saying a response body matches a schema when it actually doesn't. The schema contains a oneOf key with refs and additionalProperties set to false.
Current Behavior
The response body is falsely passing the validation. This is the schema:
```json
{
  "$schema": "http://json-schema.org/draft-04/schema#",
  "description": "Property address",
  "type": "object",
  "required": ["street1", "city", "state", "zip", "county"],
  "oneOf": [
    { "$ref": "#/definitions/californiaAddress" },
    { "$ref": "#/definitions/floridaAddress" }
  ],
  "additionalProperties": false,
  "definitions": {
    "californiaAddress": {
      "required": [ "street1", "city", "state", "zip", "county" ],
      "properties": {
        "street1": { "type": "string" },
        "street2": { "type": "string" },
        "city": { "type": "string" },
        "state": {
          "type": "string",
          "enum": [ "CA" ]
        },
        "zip": {
          "type": "string",
          "pattern": "/\\d{5}(\\-\\d{4})?/"
        },
        "county": {
          "type": "string",
          "enum": [
            "alameda", "alpine", "amador",
            "butte",
            "calaveras", "colusa", "contra_costa",
            "del_norte",
            "el_dorado",
            "fresno",
            "glenn",
            "humboldt",
            "imperial", "inyo",
            "kern", "kings",
            "lake", "lassen", "los_angeles",
            "madera", "marin", "mariposa", "mendocino", "merced", "modoc", "mono", "monterey",
            "napa", "nevada",
            "orange",
            "placer", "plumas",
            "riverside",
            "sacramento", "san_benito", "san_bernardino", "san_diego", "san_francisco", "san_joaquin",
            "san_luis_obispo", "san_mateo", "santa_barbara", "santa_clara", "santa_cruz", "shasta",
            "sierra", "siskiyou", "solano", "sonoma", "stanislaus", "sutter",
            "tahama", "toulomne", "trinity", "tulare",
            "ventura",
            "yolo", "yuba"
          ]
        }
      },
      "additionalProperties": false
    },
    "floridaAddress": {
      "required": [ "street1", "city", "state", "zip", "county" ],
      "properties": {
        "street1": { "type": "string" },
        "street2": { "type": "string" },
        "city": { "type": "string" },
        "state": {
          "type": "string",
          "enum": [ "FL" ]
        },
        "zip": {
          "type": "string",
          "pattern": "/\\d{5}(\\-\\d{4})?/"
        },
        "county": {
          "type": "string",
          "enum": [
            "broward",
            "escambia",
            "indian_river",
            "martin",
            "palm_beach",
            "pasco",
            "pinellas"
          ]
        }
      },
      "additionalProperties": false
    }
  }
}
```
The response I'm getting is:
```json
{
  "message": "Must provide API token"
}
```
Expected Behavior
The response body above should not pass validation against the given schema.
Additional Details
- The schema specifies an object that must satisfy one of two given schemas
- Both the main schema and the two possible `oneOf` schemas have `additionalProperties` set to false
- The two `oneOf` schemas both specify required properties that are not present in the actual body
- Setting `required` on the main schema (since the two possible schemas have the same keys) does not change the behavior
- Setting `"additionalProperties": false` on just the main schema or just the `oneOf` schemas does not change the behavior
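The rejection the report expects, worked through keyword by keyword as an added example (not code from the issue or from the json-schema project). It uses a condensed copy of the schema and a small draft-04 subset evaluator; `address_def` and `errors_for` are names made up for this sketch.

```ruby
require 'json'

# Condensed copy of the issue's schema (county lists shortened, zip pattern left out); constructed.
def address_def(state, counties)
  { 'required' => %w[street1 city state zip county],
    'properties' => {
      'street1' => { 'type' => 'string' }, 'street2' => { 'type' => 'string' },
      'city' => { 'type' => 'string' }, 'zip' => { 'type' => 'string' },
      'state' => { 'type' => 'string', 'enum' => [state] },
      'county' => { 'type' => 'string', 'enum' => counties } },
    'additionalProperties' => false }
end

SCHEMA = {
  'type' => 'object',
  'required' => %w[street1 city state zip county],
  'oneOf' => [{ '$ref' => '#/definitions/californiaAddress' },
              { '$ref' => '#/definitions/floridaAddress' }],
  'additionalProperties' => false,
  'definitions' => { 'californiaAddress' => address_def('CA', %w[alameda yolo]),
                     'floridaAddress' => address_def('FL', %w[broward pasco]) }
}.freeze

# Draft-04 subset: $ref, type (object/string), required, properties,
# additionalProperties: false, enum, oneOf. Returns a list of error strings.
def errors_for(data, schema, root = schema, path = '#')
  if schema['$ref']
    target = schema['$ref'].sub('#/', '').split('/').reduce(root) { |node, key| node.fetch(key) }
    return errors_for(data, target, root, path)
  end
  errs = []
  errs << "#{path}: not an object" if schema['type'] == 'object' && !data.is_a?(Hash)
  errs << "#{path}: not a string" if schema['type'] == 'string' && !data.is_a?(String)
  errs << "#{path}: not in enum" if schema['enum'] && !schema['enum'].include?(data)
  if data.is_a?(Hash)
    props = schema['properties'] || {}
    (schema['required'] || []).each { |k| errs << "#{path}: missing #{k}" unless data.key?(k) }
    # additionalProperties only looks at "properties" declared in this same schema object.
    (data.keys - props.keys).each { |k| errs << "#{path}: additional property #{k}" } if schema['additionalProperties'] == false
    props.each { |k, sub| errs.concat(errors_for(data[k], sub, root, "#{path}/#{k}")) if data.key?(k) }
  end
  if schema['oneOf']
    hits = schema['oneOf'].count { |sub| errors_for(data, sub, root, path).empty? }
    errs << "#{path}: matched #{hits} oneOf branches, need exactly 1" unless hits == 1
  end
  errs
end

RESPONSE = JSON.parse('{ "message": "Must provide API token" }')
puts errors_for(RESPONSE, SCHEMA)
```

Run against the response from the report, it lists seven failures. The root `additionalProperties: false` has no `properties` beside it, so by draft-04 rules a complete California address is rejected at the root as well, even though it matches exactly one `oneOf` branch.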
Can you provide example data which is falsely validated against this schema?
I actually can't, the code that I was having this problem with is in my former employer's private repo. Sorry about that.
No problem, maybe we can reconstruct an example. If it's just because of the data I see a fair chance. But if it depends on a certain combination of flags, well then possibly not (I rather suspect that though, otherwise there probably would have been issue(s) already).
Can you remember anything about the properties of wrongly accepted data? Were there any additional properties which have been accepted although they shouldn't or was it the other way around that data with missing required attributes got accepted?
Let me see what I can come up with, I have some work to get done but I can take a look at it later today.