Fail to deal with external schemata #114
Comments
Minimizing the linked schema and json file in the last comment by removing some attributes and adjusting the usage example to use these minimized files like the following:

```go
package main

import (
	"context"
	"encoding/json"
	"fmt"

	"github.com/qri-io/jsonschema"
)

func main() {
	ctx := context.Background()

	// Minimized CSAF schema: "cvss_v2" and "cvss_v3" refer to external schemata.
	var schemaData = []byte(`{
		"$schema": "https://json-schema.org/draft/2020-12/schema",
		"$id": "https://docs.oasis-open.org/csaf/csaf/v2.0/csaf_json_schema.json",
		"title": "Common Security Advisory Framework",
		"description": "Representation of security advisory information as a JSON document.",
		"type": "object",
		"properties": {
			"scores": {
				"title": "List of scores",
				"description": "contains score objects for the current vulnerability.",
				"type": "array",
				"minItems": 1,
				"items": {
					"title": "Score",
					"description": "specifies information about (at least one) score of the vulnerability and for which products the given value applies.",
					"type": "object",
					"properties": {
						"cvss_v2": {
							"$ref": "https://www.first.org/cvss/cvss-v2.0.json"
						},
						"cvss_v3": {
							"oneOf": [
								{
									"$ref": "https://www.first.org/cvss/cvss-v3.0.json"
								},
								{
									"$ref": "https://www.first.org/cvss/cvss-v3.1.json"
								}
							]
						}
					}
				}
			}
		}
	}`)

	rs := &jsonschema.Schema{}
	if err := json.Unmarshal(schemaData, rs); err != nil {
		panic("unmarshal schema: " + err.Error())
	}

	// Minimized document that is expected to validate against the schema above.
	var valid = []byte(`{
		"scores": [
			{
				"cvss_v3": {
					"version": "3.0",
					"baseScore": 9.8,
					"baseSeverity": "CRITICAL",
					"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
				}
			}
		]
	}`)

	errs, err := rs.ValidateBytes(ctx, valid)
	if err != nil {
		panic(err)
	}

	// Print the first validation error, if any.
	if len(errs) > 0 {
		fmt.Println(errs[0].Error())
	}
}
```

Throws the error:
This excerpt from debug output indicates that the problem is not being able to resolve a ref.
Furthermore, there is a warning earlier in the debug output that leads to the root cause.
Validation is failing because the schema being used is written to comply with JSON Schema draft-07 and qri-io/jsonschema primarily targets JSON Schema 2019-09. Specifically, between revisions, the functionality associated with the "definitions" keyword was moved to the new "$defs" keyword. See issue #97 for more discussion.

For this particular case, registering the "definitions" keyword with the "$def" keyword handler before any validation occurs, as shown below, should allow for your provided test case to validate as expected.

```go
jsonschema.RegisterKeyword("definitions", jsonschema.NewDefs)
```
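A pre-flight check for the draft mismatch described in the comment above, as an added example that is not code from qri-io/jsonschema or from anyone in this thread: using only the Go standard library, it reports whether a schema declares draft-07, uses `definitions` as a keyword, or pulls in further schemata through absolute-URL `$ref`s that need the same audit. `Report`, `AuditSchema`, `walk`, `nameMaps` and the `sample` schema are hypothetical names and constructed data.

```go
package main

import (
	"encoding/json"
	"fmt"
	"strings"
)

// Report lists what a schema document demands of the validator that loads it.
type Report struct {
	Draft                    string          // top-level "$schema" value, empty if absent
	UsesLegacyDefs           bool            // "definitions" used as a keyword (draft-07 and earlier)
	LegacyRefs, ExternalRefs map[string]bool // "$ref"s into "#/definitions/", and absolute-URL "$ref"s
}
// Keys directly under these keywords are user-chosen names, not schema keywords.
var nameMaps = map[string]bool{"properties": true, "patternProperties": true, "definitions": true, "$defs": true}
// sample is constructed for this example; it is not the content of a real CVSS schema.
const sample = `{"$schema": "http://json-schema.org/draft-07/schema#",
  "definitions": {"scoreType": {"type": "number", "minimum": 0, "maximum": 10}},
  "properties": {"baseScore": {"$ref": "#/definitions/scoreType"}}}`

// AuditSchema walks raw schema JSON and records draft-07 idioms and external refs.
func AuditSchema(raw []byte) (Report, error) {
	r := Report{LegacyRefs: map[string]bool{}, ExternalRefs: map[string]bool{}}
	var doc map[string]interface{}
	err := json.Unmarshal(raw, &doc)
	r.Draft, _ = doc["$schema"].(string) // on error doc stays nil and the walk is a no-op
	walk(doc, false, &r)
	return r, err
}

func walk(v interface{}, keysAreNames bool, r *Report) { // keysAreNames: v's keys are names, not keywords
	list, _ := v.([]interface{})
	for _, item := range list {
		walk(item, false, r)
	}
	obj, _ := v.(map[string]interface{})
	for k, child := range obj {
		ref, isRef := child.(string)
		isRef = isRef && k == "$ref" && !keysAreNames
		if isRef && strings.HasPrefix(ref, "#/definitions/") {
			r.LegacyRefs[ref] = true
		} else if isRef && strings.Contains(ref, "://") {
			r.ExternalRefs[ref] = true
		}
		r.UsesLegacyDefs = r.UsesLegacyDefs || (k == "definitions" && !keysAreNames)
		walk(child, !keysAreNames && nameMaps[k], r) // values under a name map are subschemas
	}
}
func main() { fmt.Println(AuditSchema([]byte(sample))) }
```

Run against the minimized CSAF schema from this thread, the check flags nothing in the parent document itself and lists the `first.org` URLs under `ExternalRefs`; each of those files then has to be fetched and audited in turn.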
Hello,

We have faced the following problem during the validation of some json files:

The validation of the CVE-2018-0171-modified.json file with the csaf_json_schema.json schema throws an error:

/vulnerabilities/0/scores/0/cvss_v3: did not match any of the specified OneOf schemas

and thus this valid document is classified as invalid. Validator confirms the validity of this file against this schema also.

It seems that something goes wrong when processing `oneOf` on `#ref` external schemata.

Tested with qri-io/jsonschema v0.2.1 and go v1.17.1