Currently, the CFT schemas allow arbitrary fields to be set. This can be dangerous, especially with config languages like YAML. Customers can easily introduce typos or misindentations, etc., causing unexpected behaviours and vulnerabilities.
Please consider adding "additionalProperties: false" to all schemas.
The additionalProperties keyword is used to control the handling of extra stuff, that is, properties whose names are not listed in the properties keyword. By default any additional properties are allowed.
The additionalProperties keyword may be either a boolean or an object. If additionalProperties is a boolean and set to false, no additional properties will be allowed.
optional:
p.s. Forseti, for example, is investigating using protos to define their schemas (forseti-security/forseti-security#1962). The great thing about protos is that they can let users define native CFT-compatible objects in a myriad of languages, which can be dumped to YAML and sent to CFT. It will also make it easier to catch incompatibilities and have automated testing.
See: https://json-schema.org/understanding-json-schema/reference/object.html
/cc @ocsig
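The failure mode described in this issue, as an added example that is not part of the original issue or of the CFT code base: a small checker for `properties`, `required` and boolean `additionalProperties`, run against one config under a permissive and a strict version of the same schema. The schema, its property names and the config are constructed for illustration and are not taken from any real CFT schema.

```python
# Minimal checker for the JSON Schema keywords discussed in the issue:
# "properties", "required" and boolean "additionalProperties" (nested objects too).
# Scalar "type" values are not enforced; only object structure is checked.
# Schema and property names are hypothetical, not real CFT schemas.

def validate(instance, schema, path="$"):
    """Return a list of error strings; an empty list means the instance is accepted."""
    errors = []
    if schema.get("type") == "object":
        if not isinstance(instance, dict):
            return [f"{path}: expected object"]
        props = schema.get("properties", {})
        for name in schema.get("required", []):
            if name not in instance:
                errors.append(f"{path}: missing required property '{name}'")
        for name, value in instance.items():
            if name in props:
                errors.extend(validate(value, props[name], f"{path}.{name}"))
            # JSON Schema default: additional properties are allowed.
            elif schema.get("additionalProperties", True) is False:
                errors.append(f"{path}: unexpected property '{name}'")
    return errors


def make_schema(strict):
    """Build the same schema with or without additionalProperties: false."""
    extra = {"additionalProperties": False} if strict else {}
    return {
        "type": "object",
        "required": ["name"],
        "properties": {
            "name": {"type": "string"},
            "publicAccess": {"type": "string"},
            "logging": {"type": "object",
                        "properties": {"enabled": {"type": "boolean"}}, **extra},
        },
        **extra,
    }


# Constructed sample: parsed form of a YAML config with a typo ("publicAcess") and
# a mis-indented key ("enabled" landed at the top level instead of under "logging").
CONFIG = {"name": "audit-bucket", "publicAcess": "deny", "logging": {}, "enabled": True}

if __name__ == "__main__":
    print("permissive:", validate(CONFIG, make_schema(strict=False)))
    for err in validate(CONFIG, make_schema(strict=True)):
        print("strict:", err)
```

Under the permissive schema the config is accepted with no errors, so the intended access restriction and logging setting are silently dropped; the strict schema reports both stray keys.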