Page MenuHomePhabricator
Create Task
Maniphest T46454

efSchemaValidate permits unrecognized additional fields
Closed, ResolvedPublic
Actions

Description

If you add additional fields to your event that aren't in the schema+id you specify, efLogServerSideEvent nevertheless logs the event with isValid: true.

In the same situation client-side logEvent() will log with isValid: false and a warning "Unrecognized property: (bogus field's name)".

Depending on how json2sql handles this, the event won't be inserted in the SQL table, or will generate a set of table columns unsuitable for future events.

To reproduce, just add a "boGUSNewKEY" => 666, to a server-side event in PHP.

Version: unspecified
Severity: normal

Details

Reference
bz44454

Event Timeline

bzimport raised the priority of this task from to Needs Triage.Nov 22 2014, 1:19 AM
bzimport added a project: MediaWiki-extensions-EventLogging.
bzimport set Reference to bz44454.
Spage created this task.Jan 29 2013, 2:10 AM
ori added a comment.Jan 29 2013, 8:03 AM

This is permitted by the JSON Schema draft v3:

5.4. additionalProperties

This attribute defines a schema for all properties that are not
explicitly defined in an object type definition. If specified, the
value MUST be a schema or a boolean. If false is provided, no
additional properties are allowed beyond the properties defined in
the schema. The default value is an empty schema which allows any
value for additional properties.

http://tools.ietf.org/html/draft-zyp-json-schema-03#section-5.4

Nevertheless, this bug is valid, because:

  1. Client-side and server-side validation should behave the same way
  2. A stricter interpretation of the draft in which additional values are disallowed seems sensible.
ori added a comment.Jan 29 2013, 8:53 AM

Patch in Gerrit: https://gerrit.wikimedia.org/r/#/c/46501/

Krenair added a comment.Feb 3 2013, 5:38 PM

Merged by Ori on the 29th.

Aklapper added a comment.Feb 26 2014, 12:55 PM

[moving from MediaWiki extensions to Analytics product - see bug 61946]

Luke081515 removed a subscriber: wikibugs-l-list.Jan 28 2016, 6:06 PM
Restricted Application added a subscriber: StudiesWorld. · View Herald TranscriptJan 28 2016, 6:06 PM
awight subscribed.Apr 3 2020, 1:33 PM

In distant hindsight, it might have been nicer to include additional validation for EventLogging schemas, to enforce that the additionalProperties key is present and true for all object elements. That way, the event schema matches the validation that will be performed on payloads.

Restricted Application added a project: Analytics. · View Herald TranscriptApr 3 2020, 1:33 PM
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL