You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Currently the validate command uses its own logic to load schemas. This is custom, poorly tested and also can make remote URL calls to fetch non-file paths which may present a security issue.
Suggested approach is to remove the logic in the loadMetaSchemas() method and instead have that initialise the SchemaDirectory.
Then the loadSchema callback when initialising ajv will just defer to the SchemaDirectory, rather than loading any files.
That way the directory has control of what is loaded, and also any error handling logic.
ajv will still handle pulling references out - so only the schema loading features of the directory are needed.
The text was updated successfully, but these errors were encountered:
Feature Request
Description of Problem:
Currently the validate command uses its own logic to load schemas. This is custom, poorly tested and also can make remote URL calls to fetch non-file paths which may present a security issue.
This depends on #830
Potential Solutions:
Suggested approach is to remove the logic in the loadMetaSchemas() method and instead have that initialise the SchemaDirectory.
Then the
loadSchemacallback when initialising ajv will just defer to the SchemaDirectory, rather than loading any files.That way the directory has control of what is loaded, and also any error handling logic.
ajv will still handle pulling references out - so only the schema loading features of the directory are needed.
The text was updated successfully, but these errors were encountered: