Disallow unexpected properties #413

Open
umairidris opened this issue Mar 26, 2019 · 2 comments
Labels
cloud-foundations Cloud Foundation Toolkit development Feature Request

Comments

@umairidris
Member

umairidris commented Mar 26, 2019

Currently, the CFT schemas allow arbitrary fields to be set. This can be dangerous, especially with config languages like YAML. Customers can easily introduce typos or misindentations, etc., causing unexpected behaviours and vulnerabilities.

Please consider adding "additionalProperties: false" to all schemas.

See: https://json-schema.org/understanding-json-schema/reference/object.html

The additionalProperties keyword is used to control the handling of extra stuff, that is, properties whose names are not listed in the properties keyword. By default any additional properties are allowed.
The additionalProperties keyword may be either a boolean or an object. If additionalProperties is a boolean and set to false, no additional properties will be allowed.

/cc @ocsig
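
An added example (not part of the original issue or of the CFT code base) of the failure mode described above: a typo and a misindented key pass a permissive schema silently and are rejected once `additionalProperties: false` is set. The schema, the property names and the config are hypothetical, and the checker covers only the `properties`, `required` and boolean `additionalProperties` keywords for objects.

```python
# Minimal checker for a subset of JSON Schema (objects only): "properties",
# "required" and boolean "additionalProperties". Not a full validator.

def validate(instance, schema, path="$"):
    """Return a list of error strings; an empty list means the instance passes."""
    if schema.get("type") != "object":
        return []  # leaf values are not type-checked in this sketch
    if not isinstance(instance, dict):
        return [f"{path}: expected an object"]
    errors = []
    props = schema.get("properties", {})
    for name in schema.get("required", []):
        if name not in instance:
            errors.append(f"{path}: missing required property '{name}'")
    for name, value in instance.items():
        if name in props:
            errors.extend(validate(value, props[name], f"{path}.{name}"))
        elif schema.get("additionalProperties", True) is False:
            errors.append(f"{path}: unexpected property '{name}'")
    return errors


def make_schema(strict):
    """Hypothetical template schema; strict=True adds additionalProperties: false."""
    extra = {"additionalProperties": False} if strict else {}
    return {
        "type": "object",
        "required": ["name"],
        "properties": {
            "name": {"type": "string"},
            "publicAccess": {"type": "boolean"},
            "logging": {
                "type": "object",
                "properties": {"logBucket": {"type": "string"}},
                **extra,
            },
        },
        **extra,
    }


# Constructed input, as a YAML parser would return it. 'publicAcess' is a typo,
# and 'logBucket' is indented one level too shallow (it belongs under 'logging').
CONFIG = {"name": "audit-data", "publicAcess": False,
          "logging": {}, "logBucket": "audit-logs"}

if __name__ == "__main__":
    print("permissive:", validate(CONFIG, make_schema(strict=False)))
    print("strict:    ", validate(CONFIG, make_schema(strict=True)))
```

With the permissive schema the misspelled access setting and the misplaced log bucket are accepted and simply never applied, which is the silent misconfiguration the issue warns about.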

@umairidris
Member Author

optional:
p.s. Forseti, for example, is investigating using protos to define their schemas (forseti-security/forseti-security#1962). The great thing about protos is that they can let users define native CFT-compatible objects in a myriad of languages, which can be dumped to YAML and sent to CFT. It will also make it easier to catch incompatibilities and have automated testing.

@ocsig ocsig added cloud-foundations Cloud Foundation Toolkit development Feature Request labels Apr 2, 2019
@ocsig
Member

ocsig commented Apr 2, 2019

Good point, this is on my roadmap to improve the schema validation.
