Errata01 schema addition to region is invalid

[sthagen]

Symptoms

Current schema raises errors like:

Unexpected token encountered when reading value for 'anyOf'. Expected StartObject, got StartArray. Path 'definitions.region.properties.anyOf', line 1783, position 18.

Or (using a different tool):

#/definitions/region/properties/anyOf: expected type is one of Boolean or JsonObject, found: JsonArray

Cause

The problem is not the ingredients of the anyOf we use here, those are OK but the embedding into the region object.

Unfortunately the schema implementation of the added anyOf constraint in the ERRATA01 is invalid as the confusingly named properties key of our domain specific language may have led us to believe we should inject the anyOf directly following that object.

    "region": {
      "description": "A region within an artifact where a result was detected.",
      "additionalProperties": false,
      "type": "object",
      "properties": {
        "snip": "some ... - - - 8< - - -",
        "properties": {
          "description": "Key/value pairs that provide additional information about the region.",
          "$ref": "#/definitions/propertyBag"
        },
        "anyOf": [
          { "required": [ "startLine" ] },
          { "required": [ "charOffset" ] },
          { "required": [ "byteOffset" ] }
        ]
      }
    },

Cure

Instead we should inject it following the outer propertiesobject (that is a JSON Schema key adhering object). Like so:

  "region": {
    "description": "A region within an artifact where a result was detected.",
    "additionalProperties": false,
    "type": "object",
    "properties": {
      "snip": "some ... - - - 8< - - -",
      "properties": {
          "description": "Key/value pairs that provide additional information about the region.",
          "$ref": "#/definitions/propertyBag"
      }
    },
    "anyOf": [
      { "required": [ "startLine" ] },
      { "required": [ "charOffset" ] },
      { "required": [ "byteOffset" ] }
    ]
  },

Then validation succeeds.

Diff

The diff (against the failing complete JSON file in the distributed errata package at https://www.oasis-open.org/committees/document.php?document_id=71047&wg_abbrev=sarif) is:

❯ diff -u ../errata_bundle_20230519/sarif-schema-2.1.0-errata01-csd01-complete.json sarif-schema-2.1.0-errata01-csd01-complete.json
--- ../errata_bundle_20230519/sarif-schema-2.1.0-errata01-csd01-complete.json	2023-05-03 16:23:56.000000000 +0200
+++ sarif-schema-2.1.0-errata01-csd01-complete.json	2023-05-20 13:39:13.000000000 +0200
@@ -1778,14 +1778,13 @@
         "properties": {
           "description": "Key/value pairs that provide additional information about the region.",
           "$ref": "#/definitions/propertyBag"
-        },
-
-        "anyOf": [
-          { "required": [ "startLine" ] },
-          { "required": [ "charOffset" ] },
-          { "required": [ "byteOffset" ] }
-        ]
-      }
+        }
+      },
+      "anyOf": [
+        { "required": [ "startLine" ] },
+        { "required": [ "charOffset" ] },
+        { "required": [ "byteOffset" ] }
+      ]
     },

     "replacement": {

The tricky thing (in 2023) is, to debug draft4 JSON Schema issues as not all "alive" validators support such archaic versions.

[dmk42]

Thanks. We should definitely address this before publishing the errata.

[dmk42]

Thanks again. This has been addressed with the 2023-06-12 errata bundle.