Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[BUGFIX] Ignore $ref siblings & abort on infinite-loop references #437

Merged
merged 5 commits into from
Jun 23, 2017

Conversation

erayd
Copy link
Contributor

@erayd erayd commented Jun 21, 2017

What

Why

  • Because the spec states that all sibling properties of $ref MUST be ignored
  • Because infinitely looping is both undesirable and explicitly prohibited by the spec.

This PR will not be backported. #436 is definitely a bug, but fixing it results in a significant change in behavior which some users may be relying on (e.g. as a hack to implement inheritance), and as such it should be merged as major-version change.

Thanks to @johannes-see for finding the bug (#435).

erayd added 4 commits June 21, 2017 18:38
From the spec [1]:
    An object schema with a "$ref" property MUST be interpreted as a
    "$ref" reference.  The value of the "$ref" property MUST be a URI
    Reference.  Resolved against the current URI base, it identifies the
    URI of a schema to use.  All other properties in a "$ref" object MUST
    be ignored.

[1] https://tools.ietf.org/html/draft-wright-json-schema-01#section-8
Schemas containing $ref MUST ignore all other properties, so just return
the reference target directly.

Because some circular references may result in an infinite loop, keep
track of the objects that have been dereferenced during the current call
to SchemaStorage and abort if the same object is encountered more than
once.
@erayd
Copy link
Contributor Author

erayd commented Jun 21, 2017

@shmax @bighappyface @mathroc
Do you think a separate PR for 5.x.x that catches infinitely-looping references is a good idea? It may have a significant impact on performance, as doing this in 5.x.x will require a large number of equality checks between objects that may be identical but are not the same instance.

The check in this PR doesn't have the same performance implications, because it only needs to check whether objects are the same instance - but this approach will not work in 5.x.x, because 5.x.x deliberately preserves properties from both the referenced schema and the referer, and returns an entirely new object.

Alternatively, if any of you have an idea for how to do this for 5.x.x in a saner way performance-wise, ideas are welcome...

@mathroc
Copy link
Contributor

mathroc commented Jun 21, 2017

I don't think it's very important to backport the infinitely-looping check to 5.x, working on 6.x and releasing seems a more appropriate use of time. especially as an upgrade to 6.x should be painless, users hitting this bug should be able to upgrade easily once released (or use dev-master before that)

@shmax
Copy link
Collaborator

shmax commented Jun 21, 2017

I agree with @mathroc. If people haven't complained of this bug before now then they're probably not hitting it, and there's no harm in waiting for 6.

@bighappyface
Copy link
Collaborator

Agreed on focusing on v6.x.x

@erayd
Copy link
Contributor Author

erayd commented Jun 22, 2017

OK - I won't worry about fixing the loop in 5.x.x then :-).

This PR is ready for review whenever you guys feel like it.

Copy link
Collaborator

@bighappyface bighappyface left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

+1

@shmax
Copy link
Collaborator

shmax commented Jun 22, 2017

👍

@bighappyface bighappyface merged commit 3948abb into jsonrainbow:6.0.0-dev Jun 23, 2017
@erayd erayd deleted the bugfix-436-ref-ignore branch June 23, 2017 11:54
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

4 participants