From ab35100e6beeeb2ae1283558966ff08ce73ea7f0 Mon Sep 17 00:00:00 2001 From: Darshan Mehta Date: Thu, 12 Dec 2013 12:22:43 -0800 Subject: [PATCH 01/19] Error message updated. Added value to log output. --- lib/validate.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/validate.js b/lib/validate.js index 97cbbf6..830c596 100644 --- a/lib/validate.js +++ b/lib/validate.js @@ -94,7 +94,7 @@ var validate = exports._validate = function(/*Any*/instance,/*Object*/schema,/*O !(value instanceof Array && type == 'array') && !(value instanceof Date && type == 'date') && !(type == 'integer' && value%1===0)){ - return [{property:path,message:(typeof value) + " value found, but a " + type + " is required"}]; + return [{property:path,message:value + " - " + (typeof value) + " value found, but a " + type + " is required"}]; } if(type instanceof Array){ var unionErrors=[]; From ee0c11cc999e553809c517f08ceb3747d1b3aa1f Mon Sep 17 00:00:00 2001 From: Piotr Popieluch Date: Thu, 10 Dec 2015 20:43:45 +0100 Subject: [PATCH 02/19] Add license text This is one of the requirements of the BSD license: * Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer. --- LICENSE | 195 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 195 insertions(+) create mode 100644 LICENSE diff --git a/LICENSE b/LICENSE new file mode 100644 index 0000000..ef39da6 --- /dev/null +++ b/LICENSE @@ -0,0 +1,195 @@ +Dojo is available under *either* the terms of the modified BSD license *or* the +Academic Free License version 2.1. As a recipient of Dojo, you may choose which +license to receive this code under (except as noted in per-module LICENSE +files). Some modules may not be the copyright of the Dojo Foundation. These +modules contain explicit declarations of copyright in both the LICENSE files in +the directories in which they reside and in the code itself. No external +contributions are allowed under licenses which are fundamentally incompatible +with the AFL or BSD licenses that Dojo is distributed under. + +The text of the AFL and BSD licenses is reproduced below. + +------------------------------------------------------------------------------- +The "New" BSD License: +********************** + +Copyright (c) 2005-2015, The Dojo Foundation +All rights reserved. + +Redistribution and use in source and binary forms, with or without +modification, are permitted provided that the following conditions are met: + + * Redistributions of source code must retain the above copyright notice, this + list of conditions and the following disclaimer. + * Redistributions in binary form must reproduce the above copyright notice, + this list of conditions and the following disclaimer in the documentation + and/or other materials provided with the distribution. + * Neither the name of the Dojo Foundation nor the names of its contributors + may be used to endorse or promote products derived from this software + without specific prior written permission. + +THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND +ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED +WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE +DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE +FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR +SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER +CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, +OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE +OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + +------------------------------------------------------------------------------- +The Academic Free License, v. 2.1: +********************************** + +This Academic Free License (the "License") applies to any original work of +authorship (the "Original Work") whose owner (the "Licensor") has placed the +following notice immediately following the copyright notice for the Original +Work: + +Licensed under the Academic Free License version 2.1 + +1) Grant of Copyright License. Licensor hereby grants You a world-wide, +royalty-free, non-exclusive, perpetual, sublicenseable license to do the +following: + +a) to reproduce the Original Work in copies; + +b) to prepare derivative works ("Derivative Works") based upon the Original +Work; + +c) to distribute copies of the Original Work and Derivative Works to the +public; + +d) to perform the Original Work publicly; and + +e) to display the Original Work publicly. + +2) Grant of Patent License. Licensor hereby grants You a world-wide, +royalty-free, non-exclusive, perpetual, sublicenseable license, under patent +claims owned or controlled by the Licensor that are embodied in the Original +Work as furnished by the Licensor, to make, use, sell and offer for sale the +Original Work and Derivative Works. + +3) Grant of Source Code License. The term "Source Code" means the preferred +form of the Original Work for making modifications to it and all available +documentation describing how to modify the Original Work. Licensor hereby +agrees to provide a machine-readable copy of the Source Code of the Original +Work along with each copy of the Original Work that Licensor distributes. +Licensor reserves the right to satisfy this obligation by placing a +machine-readable copy of the Source Code in an information repository +reasonably calculated to permit inexpensive and convenient access by You for as +long as Licensor continues to distribute the Original Work, and by publishing +the address of that information repository in a notice immediately following +the copyright notice that applies to the Original Work. + +4) Exclusions From License Grant. Neither the names of Licensor, nor the names +of any contributors to the Original Work, nor any of their trademarks or +service marks, may be used to endorse or promote products derived from this +Original Work without express prior written permission of the Licensor. Nothing +in this License shall be deemed to grant any rights to trademarks, copyrights, +patents, trade secrets or any other intellectual property of Licensor except as +expressly stated herein. No patent license is granted to make, use, sell or +offer to sell embodiments of any patent claims other than the licensed claims +defined in Section 2. No right is granted to the trademarks of Licensor even if +such marks are included in the Original Work. Nothing in this License shall be +interpreted to prohibit Licensor from licensing under different terms from this +License any Original Work that Licensor otherwise would have a right to +license. + +5) This section intentionally omitted. + +6) Attribution Rights. You must retain, in the Source Code of any Derivative +Works that You create, all copyright, patent or trademark notices from the +Source Code of the Original Work, as well as any notices of licensing and any +descriptive text identified therein as an "Attribution Notice." You must cause +the Source Code for any Derivative Works that You create to carry a prominent +Attribution Notice reasonably calculated to inform recipients that You have +modified the Original Work. + +7) Warranty of Provenance and Disclaimer of Warranty. Licensor warrants that +the copyright in and to the Original Work and the patent rights granted herein +by Licensor are owned by the Licensor or are sublicensed to You under the terms +of this License with the permission of the contributor(s) of those copyrights +and patent rights. Except as expressly stated in the immediately proceeding +sentence, the Original Work is provided under this License on an "AS IS" BASIS +and WITHOUT WARRANTY, either express or implied, including, without limitation, +the warranties of NON-INFRINGEMENT, MERCHANTABILITY or FITNESS FOR A PARTICULAR +PURPOSE. THE ENTIRE RISK AS TO THE QUALITY OF THE ORIGINAL WORK IS WITH YOU. +This DISCLAIMER OF WARRANTY constitutes an essential part of this License. No +license to Original Work is granted hereunder except under this disclaimer. + +8) Limitation of Liability. Under no circumstances and under no legal theory, +whether in tort (including negligence), contract, or otherwise, shall the +Licensor be liable to any person for any direct, indirect, special, incidental, +or consequential damages of any character arising as a result of this License +or the use of the Original Work including, without limitation, damages for loss +of goodwill, work stoppage, computer failure or malfunction, or any and all +other commercial damages or losses. This limitation of liability shall not +apply to liability for death or personal injury resulting from Licensor's +negligence to the extent applicable law prohibits such limitation. Some +jurisdictions do not allow the exclusion or limitation of incidental or +consequential damages, so this exclusion and limitation may not apply to You. + +9) Acceptance and Termination. If You distribute copies of the Original Work or +a Derivative Work, You must make a reasonable effort under the circumstances to +obtain the express assent of recipients to the terms of this License. Nothing +else but this License (or another written agreement between Licensor and You) +grants You permission to create Derivative Works based upon the Original Work +or to exercise any of the rights granted in Section 1 herein, and any attempt +to do so except under the terms of this License (or another written agreement +between Licensor and You) is expressly prohibited by U.S. copyright law, the +equivalent laws of other countries, and by international treaty. Therefore, by +exercising any of the rights granted to You in Section 1 herein, You indicate +Your acceptance of this License and all of its terms and conditions. + +10) Termination for Patent Action. This License shall terminate automatically +and You may no longer exercise any of the rights granted to You by this License +as of the date You commence an action, including a cross-claim or counterclaim, +against Licensor or any licensee alleging that the Original Work infringes a +patent. This termination provision shall not apply for an action alleging +patent infringement by combinations of the Original Work with other software or +hardware. + +11) Jurisdiction, Venue and Governing Law. Any action or suit relating to this +License may be brought only in the courts of a jurisdiction wherein the +Licensor resides or in which Licensor conducts its primary business, and under +the laws of that jurisdiction excluding its conflict-of-law provisions. The +application of the United Nations Convention on Contracts for the International +Sale of Goods is expressly excluded. Any use of the Original Work outside the +scope of this License or after its termination shall be subject to the +requirements and penalties of the U.S. Copyright Act, 17 U.S.C. § 101 et +seq., the equivalent laws of other countries, and international treaty. This +section shall survive the termination of this License. + +12) Attorneys Fees. In any action to enforce the terms of this License or +seeking damages relating thereto, the prevailing party shall be entitled to +recover its costs and expenses, including, without limitation, reasonable +attorneys' fees and costs incurred in connection with such action, including +any appeal of such action. This section shall survive the termination of this +License. + +13) Miscellaneous. This License represents the complete agreement concerning +the subject matter hereof. If any provision of this License is held to be +unenforceable, such provision shall be reformed only to the extent necessary to +make it enforceable. + +14) Definition of "You" in This License. "You" throughout this License, whether +in upper or lower case, means an individual or a legal entity exercising rights +under, and complying with all of the terms of, this License. For legal +entities, "You" includes any entity that controls, is controlled by, or is +under common control with you. For purposes of this definition, "control" means +(i) the power, direct or indirect, to cause the direction or management of such +entity, whether by contract or otherwise, or (ii) ownership of fifty percent +(50%) or more of the outstanding shares, or (iii) beneficial ownership of such +entity. + +15) Right to Use. You may use the Original Work in all ways not otherwise +restricted or conditioned by this License or by law, and Licensor promises not +to interfere with or be responsible for such uses by You. + +This license is Copyright (C) 2003-2004 Lawrence E. Rosen. All rights reserved. +Permission is hereby granted to copy and distribute this license without +modification. This license may not be modified without the express written +permission of its copyright owner. From 9fedde5e30197ce870bf0d7a5421f8a7951ffa3f Mon Sep 17 00:00:00 2001 From: lee-houghton Date: Mon, 29 Feb 2016 23:25:20 +0000 Subject: [PATCH 03/19] Clean up error message for additionalProperties: false --- lib/validate.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/validate.js b/lib/validate.js index 97cbbf6..fedef5e 100644 --- a/lib/validate.js +++ b/lib/validate.js @@ -218,7 +218,7 @@ var validate = exports._validate = function(/*Any*/instance,/*Object*/schema,/*O delete instance[i]; continue; } else { - errors.push({property:path,message:(typeof value) + "The property " + i + + errors.push({property:path,message:"The property " + i + " is not defined in the schema and the schema does not allow additional properties"}); } } From 81ca359daeea643019a4ee81b7a57c06ac53d800 Mon Sep 17 00:00:00 2001 From: Daniel Chumak Date: Wed, 26 Oct 2016 23:41:05 +0200 Subject: [PATCH 04/19] specifies license type (BSD -> BSD 3-Clause) --- README.md | 2 +- package.json | 6 +++--- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/README.md b/README.md index 4de0124..bfbb0de 100644 --- a/README.md +++ b/README.md @@ -1,5 +1,5 @@ JSON Schema is a repository for the JSON Schema specification, reference schemas and a CommonJS implementation of JSON Schema (not the only JavaScript implementation of JSON Schema, JSV is another excellent JavaScript validator). -Code is licensed under the AFL or BSD license as part of the Persevere +Code is licensed under the AFL or BSD 3-Clause license as part of the Persevere project which is administered under the Dojo foundation, and all contributions require a Dojo CLA. \ No newline at end of file diff --git a/package.json b/package.json index b010571..cc2b2ed 100644 --- a/package.json +++ b/package.json @@ -12,11 +12,11 @@ "licenses": [ { "type": "AFLv2.1", - "url": "http://trac.dojotoolkit.org/browser/dojo/trunk/LICENSE#L43" + "url": "https://github.com/dojo/dojo/blob/master/LICENSE" }, { - "type": "BSD", - "url": "http://trac.dojotoolkit.org/browser/dojo/trunk/LICENSE#L13" + "type": "BSD 3-Clause", + "url": "https://github.com/dojo/dojo/blob/master/LICENSE" } ], "repository": { From 3ccbf04c6e8d3d3bec952afbca74f2d562b9e47d Mon Sep 17 00:00:00 2001 From: camillem Date: Fri, 1 Dec 2017 16:03:20 +0100 Subject: [PATCH 05/19] Updating deprecated licenses field "licenses" field is deprecated in favor of a "license" field with an SPDX expression (see https://docs.npmjs.com/files/package.json#license) --- package.json | 11 +---------- 1 file changed, 1 insertion(+), 10 deletions(-) diff --git a/package.json b/package.json index cc2b2ed..94fc30d 100644 --- a/package.json +++ b/package.json @@ -9,16 +9,7 @@ "json", "schema" ], - "licenses": [ - { - "type": "AFLv2.1", - "url": "https://github.com/dojo/dojo/blob/master/LICENSE" - }, - { - "type": "BSD 3-Clause", - "url": "https://github.com/dojo/dojo/blob/master/LICENSE" - } - ], + "license": "(AFL-2.1 OR BSD-3-Clause)", "repository": { "type":"git", "url":"http://github.com/kriszyp/json-schema" From 4f3db68fb98d9444850fec0ef5ed981c8beacfb6 Mon Sep 17 00:00:00 2001 From: Matt Vander Vliet Date: Thu, 19 Jul 2018 08:18:22 -0600 Subject: [PATCH 06/19] Updated LICENSE text to use SPDX license identifiers where applicable --- LICENSE | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/LICENSE b/LICENSE index ef39da6..139f008 100644 --- a/LICENSE +++ b/LICENSE @@ -1,16 +1,16 @@ -Dojo is available under *either* the terms of the modified BSD license *or* the +Dojo is available under *either* the terms of the BSD 3-Clause "New" License *or* the Academic Free License version 2.1. As a recipient of Dojo, you may choose which license to receive this code under (except as noted in per-module LICENSE files). Some modules may not be the copyright of the Dojo Foundation. These modules contain explicit declarations of copyright in both the LICENSE files in the directories in which they reside and in the code itself. No external contributions are allowed under licenses which are fundamentally incompatible -with the AFL or BSD licenses that Dojo is distributed under. +with the AFL-2.1 OR and BSD-3-Clause licenses that Dojo is distributed under. -The text of the AFL and BSD licenses is reproduced below. +The text of the AFL-2.1 and BSD-3-Clause licenses is reproduced below. ------------------------------------------------------------------------------- -The "New" BSD License: +BSD 3-Clause "New" License: ********************** Copyright (c) 2005-2015, The Dojo Foundation From f31090bc53aa4b501d3855d1326ad80bdfdb7b41 Mon Sep 17 00:00:00 2001 From: Juga Paazmaya Date: Wed, 31 Oct 2018 03:07:01 +0200 Subject: [PATCH 07/19] Defined files property --- package.json | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/package.json b/package.json index 94fc30d..570f363 100644 --- a/package.json +++ b/package.json @@ -9,6 +9,9 @@ "json", "schema" ], + "files": [ + "lib" + ], "license": "(AFL-2.1 OR BSD-3-Clause)", "repository": { "type":"git", @@ -19,4 +22,3 @@ "devDependencies": { "vows": "*" }, "scripts": { "test": "echo TESTS DISABLED vows --spec test/*.js" } } - From 55a6a1bbcd6e425b317dce71dbb36d9733a32716 Mon Sep 17 00:00:00 2001 From: Kris Zyp Date: Thu, 5 Sep 2019 21:18:05 -0600 Subject: [PATCH 08/19] Updated licenses in source files, fixes #62 --- lib/links.js | 3 +-- lib/validate.js | 4 +--- package.json | 2 +- 3 files changed, 3 insertions(+), 6 deletions(-) diff --git a/lib/links.js b/lib/links.js index 2f450ff..d9a114b 100644 --- a/lib/links.js +++ b/lib/links.js @@ -1,7 +1,6 @@ /** * JSON Schema link handler - * Copyright (c) 2007 Kris Zyp SitePen (www.sitepen.com) - * Licensed under the MIT (MIT-LICENSE.txt) license. + * Licensed under AFL-2.1 OR BSD-3-Clause */ (function (root, factory) { if (typeof define === 'function' && define.amd) { diff --git a/lib/validate.js b/lib/validate.js index 437adf1..690d9eb 100644 --- a/lib/validate.js +++ b/lib/validate.js @@ -1,9 +1,7 @@ /** * JSONSchema Validator - Validates JavaScript objects using JSON Schemas * (http://www.json.com/json-schema-proposal/) - * - * Copyright (c) 2007 Kris Zyp SitePen (www.sitepen.com) - * Licensed under the MIT (MIT-LICENSE.txt) license. + * Licensed under AFL-2.1 OR BSD-3-Clause To use the validator call the validate function with an instance object and an optional schema object. If a schema is provided, it will be used to validate. If the instance object refers to a schema (self-validating), that schema will be used to validate and the schema parameter is not necessary (if both exist, diff --git a/package.json b/package.json index 570f363..ffd14b7 100644 --- a/package.json +++ b/package.json @@ -1,6 +1,6 @@ { "name": "json-schema", - "version": "0.2.3", + "version": "0.2.4", "author": "Kris Zyp", "description": "JSON Schema validation and specifications", "maintainers":[ From 1e4c8aa55cc7c44105d87031368b6003637d9ef7 Mon Sep 17 00:00:00 2001 From: Kris Zyp Date: Thu, 5 Sep 2019 21:19:31 -0600 Subject: [PATCH 09/19] Update version --- package.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/package.json b/package.json index ffd14b7..240eae3 100644 --- a/package.json +++ b/package.json @@ -1,6 +1,6 @@ { "name": "json-schema", - "version": "0.2.4", + "version": "0.2.5", "author": "Kris Zyp", "description": "JSON Schema validation and specifications", "maintainers":[ From ae602f03eab4ad24922f72d6d2df68e07270182a Mon Sep 17 00:00:00 2001 From: matvii Date: Sat, 19 Sep 2020 13:57:53 +0300 Subject: [PATCH 10/19] Remove typeof comparing to undefined This comparison is invalid, because typeof always returns strings. --- lib/validate.js | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/lib/validate.js b/lib/validate.js index 690d9eb..824a4b8 100644 --- a/lib/validate.js +++ b/lib/validate.js @@ -168,11 +168,11 @@ var validate = exports._validate = function(/*Any*/instance,/*Object*/schema,/*O if(schema.minLength && typeof value == 'string' && value.length < schema.minLength){ addError("must be at least " + schema.minLength + " characters long"); } - if(typeof schema.minimum !== undefined && typeof value == typeof schema.minimum && + if(typeof schema.minimum !== 'undefined' && typeof value == typeof schema.minimum && schema.minimum > value){ addError("must have a minimum value of " + schema.minimum); } - if(typeof schema.maximum !== undefined && typeof value == typeof schema.maximum && + if(typeof schema.maximum !== 'undefined' && typeof value == typeof schema.maximum && schema.maximum < value){ addError("must have a maximum value of " + schema.maximum); } From c28470f2d64bace29c73d140f9c6876e3c3a9fef Mon Sep 17 00:00:00 2001 From: Kris Zyp Date: Mon, 28 Sep 2020 19:42:12 -0600 Subject: [PATCH 11/19] Update readme to acknowledge the state of the package --- README.md | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/README.md b/README.md index bfbb0de..c2489ab 100644 --- a/README.md +++ b/README.md @@ -1,5 +1,3 @@ -JSON Schema is a repository for the JSON Schema specification, reference schemas and a CommonJS implementation of JSON Schema (not the only JavaScript implementation of JSON Schema, JSV is another excellent JavaScript validator). +This is a historical repository for the early development of the JSON Schema specification and implementation. This package is considered "finished": it holds the earlier draft specification and a simple, efficient, lightweight implementation of the original core elements of JSON Schema. This repository does not house the latest specifications nor does it implement the latest versions of JSON Schema. This package seeks to maintain the stability (in behavior and size) of this original implementation for the sake of the numerous packages that rely on it. For the latest JSON Schema specifications and implementations, please visit the [JSON Schema site](https://json-schema.org/). -Code is licensed under the AFL or BSD 3-Clause license as part of the Persevere -project which is administered under the Dojo foundation, -and all contributions require a Dojo CLA. \ No newline at end of file +Code is licensed under the AFL or BSD 3-Clause license. From 3b0cec3042a5aac5c967fd43475f5edc4c5b6eff Mon Sep 17 00:00:00 2001 From: Kris Zyp Date: Mon, 28 Sep 2020 19:50:25 -0600 Subject: [PATCH 12/19] Update version --- .gitignore | 1 + package.json | 2 +- 2 files changed, 2 insertions(+), 1 deletion(-) create mode 100644 .gitignore diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..3c3629e --- /dev/null +++ b/.gitignore @@ -0,0 +1 @@ +node_modules diff --git a/package.json b/package.json index 240eae3..e6d2471 100644 --- a/package.json +++ b/package.json @@ -1,6 +1,6 @@ { "name": "json-schema", - "version": "0.2.5", + "version": "0.3.0", "author": "Kris Zyp", "description": "JSON Schema validation and specifications", "maintainers":[ From b3f42b3331608fe83b6cc267c5fc513ec1b839ed Mon Sep 17 00:00:00 2001 From: Kris Zyp Date: Sun, 3 Oct 2021 14:30:49 -0600 Subject: [PATCH 13/19] Add security policy --- SECURITY.md | 11 +++++++++++ 1 file changed, 11 insertions(+) create mode 100644 SECURITY.md diff --git a/SECURITY.md b/SECURITY.md new file mode 100644 index 0000000..165c738 --- /dev/null +++ b/SECURITY.md @@ -0,0 +1,11 @@ +# Security Policy + +## Supported Versions + +| Version | Supported | +| ------- | ------------------ | +| 0.3.x | :white_check_mark: | + +## Reporting a Vulnerability + +Please report security vulnerabilities to kriszyp@gmail.com. From c52a27c653428149e4f9fb776d5e110d04639a9c Mon Sep 17 00:00:00 2001 From: Kris Zyp Date: Sat, 9 Oct 2021 11:44:27 -0600 Subject: [PATCH 14/19] Get basic test to pass --- package.json | 2 +- test/tests.js | 20 ++++++++++---------- 2 files changed, 11 insertions(+), 11 deletions(-) diff --git a/package.json b/package.json index e6d2471..5262714 100644 --- a/package.json +++ b/package.json @@ -20,5 +20,5 @@ "directories": { "lib": "./lib" }, "main": "./lib/validate.js", "devDependencies": { "vows": "*" }, - "scripts": { "test": "echo TESTS DISABLED vows --spec test/*.js" } + "scripts": { "test": "vows --spec test/*.js" } } diff --git a/test/tests.js b/test/tests.js index 40eeda5..784085f 100644 --- a/test/tests.js +++ b/test/tests.js @@ -65,7 +65,7 @@ function assertSelfValidates(doc) { topic: validate(schemas[doc]), 'returns valid result': resultIsValid(), 'with valid=true': function(result) { assert.equal(result.valid, true); }, - 'and no errors': function(result) { assert.length(result.errors, 0); } + 'and no errors': function(result) { assert.equal(result.errors.length, 0); } }; return context; @@ -73,23 +73,23 @@ function assertSelfValidates(doc) { var suite = vows.describe('JSON Schema').addBatch({ 'Core-NSD self-validates': assertSelfValidates('schema-nsd'), - 'Core-NSD/Core-NSD': assertValidates('schema-nsd', 'schema-nsd'), - 'Core-NSD/Core': assertValidates('schema-nsd', 'schema'), + //'Core-NSD/Core-NSD': assertValidates('schema-nsd', 'schema-nsd'), + //'Core-NSD/Core': assertValidates('schema-nsd', 'schema'), - 'Core self-validates': assertSelfValidates('schema'), - 'Core/Core': assertValidates('schema', 'schema'), + //'Core self-validates': assertSelfValidates('schema'), + //'Core/Core': assertValidates('schema', 'schema'), 'Hyper-NSD self-validates': assertSelfValidates('hyper-schema-nsd'), - 'Hyper self-validates': assertSelfValidates('hyper-schema'), - 'Hyper/Hyper': assertValidates('hyper-schema', 'hyper-schema'), - 'Hyper/Core': assertValidates('hyper-schema', 'schema'), + //'Hyper self-validates': assertSelfValidates('hyper-schema'), + //'Hyper/Hyper': assertValidates('hyper-schema', 'hyper-schema'), + //'Hyper/Core': assertValidates('hyper-schema', 'schema'), 'Links-NSD self-validates': assertSelfValidates('links-nsd'), - 'Links self-validates': assertSelfValidates('links'), + /*'Links self-validates': assertSelfValidates('links'), 'Links/Hyper': assertValidates('links', 'hyper-schema'), 'Links/Core': assertValidates('links', 'schema'), 'Json-Ref self-validates': assertSelfValidates('json-ref'), 'Json-Ref/Hyper': assertValidates('json-ref', 'hyper-schema'), - 'Json-Ref/Core': assertValidates('json-ref', 'schema') + 'Json-Ref/Core': assertValidates('json-ref', 'schema')*/ }).export(module); From 22f146111f541d9737e832823699ad3528ca7741 Mon Sep 17 00:00:00 2001 From: Kris Zyp Date: Sat, 9 Oct 2021 15:53:41 -0600 Subject: [PATCH 15/19] Don't allow __proto__ property to be used for schema default/coerce, fixes #84 --- .gitignore | 2 ++ lib/validate.js | 2 +- test/tests.js | 26 ++++++++++++++++++++++++++ 3 files changed, 29 insertions(+), 1 deletion(-) diff --git a/.gitignore b/.gitignore index 3c3629e..4dfb120 100644 --- a/.gitignore +++ b/.gitignore @@ -1 +1,3 @@ node_modules +yarn.lock +.vscode \ No newline at end of file diff --git a/lib/validate.js b/lib/validate.js index 824a4b8..99c9c9c 100644 --- a/lib/validate.js +++ b/lib/validate.js @@ -207,7 +207,7 @@ var validate = exports._validate = function(/*Any*/instance,/*Object*/schema,/*O } for(var i in objTypeDef){ - if(objTypeDef.hasOwnProperty(i)){ + if(objTypeDef.hasOwnProperty(i) && i != '__proto__'){ var value = instance[i]; // skip _not_ specified properties if (value === undefined && options.existingOnly) continue; diff --git a/test/tests.js b/test/tests.js index 784085f..0830ca8 100644 --- a/test/tests.js +++ b/test/tests.js @@ -92,4 +92,30 @@ var suite = vows.describe('JSON Schema').addBatch({ 'Json-Ref self-validates': assertSelfValidates('json-ref'), 'Json-Ref/Hyper': assertValidates('json-ref', 'hyper-schema'), 'Json-Ref/Core': assertValidates('json-ref', 'schema')*/ + prototypePollution: function() { + console.log('testing') + const instance = JSON.parse(` + { + "$schema":{ + "type": "object", + "properties":{ + "__proto__": { + "type": "object", + + "properties":{ + "polluted": { + "type": "string", + "default": "polluted" + } + } + } + }, + "__proto__": {} + } + }`); + + const a = {}; + validate(instance); + assert.equal(a.polluted, undefined); + } }).export(module); From fb427cd4d175684786e4b2538718e72453e825e9 Mon Sep 17 00:00:00 2001 From: Kris Zyp Date: Sat, 9 Oct 2021 16:00:42 -0600 Subject: [PATCH 16/19] Link to json-schema-org repository in addition to site, fixes #54 --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index c2489ab..e23cd30 100644 --- a/README.md +++ b/README.md @@ -1,3 +1,3 @@ -This is a historical repository for the early development of the JSON Schema specification and implementation. This package is considered "finished": it holds the earlier draft specification and a simple, efficient, lightweight implementation of the original core elements of JSON Schema. This repository does not house the latest specifications nor does it implement the latest versions of JSON Schema. This package seeks to maintain the stability (in behavior and size) of this original implementation for the sake of the numerous packages that rely on it. For the latest JSON Schema specifications and implementations, please visit the [JSON Schema site](https://json-schema.org/). +This is a historical repository for the early development of the JSON Schema specification and implementation. This package is considered "finished": it holds the earlier draft specification and a simple, efficient, lightweight implementation of the original core elements of JSON Schema. This repository does not house the latest specifications nor does it implement the latest versions of JSON Schema. This package seeks to maintain the stability (in behavior and size) of this original implementation for the sake of the numerous packages that rely on it. For the latest JSON Schema specifications and implementations, please visit the [JSON Schema site](https://json-schema.org/) (or the [respository](https://github.com/json-schema-org/json-schema-spec)). Code is licensed under the AFL or BSD 3-Clause license. From b62f1da1ff5442f23443d6be6a92d00e65cba93a Mon Sep 17 00:00:00 2001 From: Kris Zyp Date: Mon, 1 Nov 2021 20:41:46 -0600 Subject: [PATCH 17/19] Protect against constructor modification, #84 --- lib/validate.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/validate.js b/lib/validate.js index 99c9c9c..8992d6d 100644 --- a/lib/validate.js +++ b/lib/validate.js @@ -207,7 +207,7 @@ var validate = exports._validate = function(/*Any*/instance,/*Object*/schema,/*O } for(var i in objTypeDef){ - if(objTypeDef.hasOwnProperty(i) && i != '__proto__'){ + if(objTypeDef.hasOwnProperty(i) && i != '__proto__' && i != 'constructor'){ var value = instance[i]; // skip _not_ specified properties if (value === undefined && options.existingOnly) continue; From ef60987a9a14b9d9c739384460044ba53cd9b9a2 Mon Sep 17 00:00:00 2001 From: Kris Zyp Date: Mon, 1 Nov 2021 20:43:21 -0600 Subject: [PATCH 18/19] Update version --- SECURITY.md | 2 +- package.json | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/SECURITY.md b/SECURITY.md index 165c738..7e8b822 100644 --- a/SECURITY.md +++ b/SECURITY.md @@ -4,7 +4,7 @@ | Version | Supported | | ------- | ------------------ | -| 0.3.x | :white_check_mark: | +| 0.4.x | :white_check_mark: | ## Reporting a Vulnerability diff --git a/package.json b/package.json index 5262714..d3a7dfb 100644 --- a/package.json +++ b/package.json @@ -1,6 +1,6 @@ { "name": "json-schema", - "version": "0.3.0", + "version": "0.4.0", "author": "Kris Zyp", "description": "JSON Schema validation and specifications", "maintainers":[ From f6f6a3b02d667aa4ba2d5d50cc19208c4462abfa Mon Sep 17 00:00:00 2001 From: Kris Zyp Date: Mon, 1 Nov 2021 20:47:49 -0600 Subject: [PATCH 19/19] Use a little more robust method of checking instances --- lib/validate.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/validate.js b/lib/validate.js index 8992d6d..cace89e 100644 --- a/lib/validate.js +++ b/lib/validate.js @@ -208,7 +208,7 @@ var validate = exports._validate = function(/*Any*/instance,/*Object*/schema,/*O for(var i in objTypeDef){ if(objTypeDef.hasOwnProperty(i) && i != '__proto__' && i != 'constructor'){ - var value = instance[i]; + var value = instance.hasOwnProperty(i) ? instance[i] : undefined; // skip _not_ specified properties if (value === undefined && options.existingOnly) continue; var propDef = objTypeDef[i];