From cad29ac533d73d92fa0a2bd28809faafc6b57c9a Mon Sep 17 00:00:00 2001 From: Henry Andrews Date: Sat, 5 Sep 2020 21:22:23 -0700 Subject: [PATCH 1/2] Collect unknown keywords as annotations And try to avoid memory exhaustion attacks, which were possible even with out this change but potentially more likely to happen by accident with it (e.g. unrecognized applicator with a very large subschema). --- jsonschema-core.xml | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/jsonschema-core.xml b/jsonschema-core.xml index 6288e746..946991a7 100644 --- a/jsonschema-core.xml +++ b/jsonschema-core.xml @@ -351,7 +351,7 @@ A JSON Schema MAY contain properties which are not schema keywords. - Unknown keywords SHOULD be ignored. + Unknown keywords SHOULD be treated as annotations. An empty schema is a JSON Schema with no properties, or only unknown @@ -3090,6 +3090,11 @@ https://example.com/schemas/common#/$defs/count/minimum system resources. Validators MUST NOT fall into an infinite loop. + + A malicious party could cause an implementation to repeatedly collect a copy + of a very large value as an annotation. Implementations SHOULD guard against + excessive consumption of system resources in such a scenario. + Servers MUST ensure that malicious parties can't change the functionality of existing schemas by uploading a schema with a pre-existing or very similar "$id". From b8dc7831c07500de45b719f90c14660b70dbaf56 Mon Sep 17 00:00:00 2001 From: Henry Andrews Date: Sat, 26 Sep 2020 14:34:29 -0700 Subject: [PATCH 2/2] More collect unknown keywords as annotations I seem to have missed the majority of references in the previous commit. --- jsonschema-core.xml | 15 +++++++++------ 1 file changed, 9 insertions(+), 6 deletions(-) diff --git a/jsonschema-core.xml b/jsonschema-core.xml index 946991a7..2565169a 100644 --- a/jsonschema-core.xml +++ b/jsonschema-core.xml 
@@ -150,9 +150,9 @@ JSON Schema can be extended either by defining additional vocabularies, or less formally by defining additional keywords outside of any vocabulary. - Unrecognized individual keywords are ignored, while the behavior with respect - to an unrecognized vocabulary can be controlled when declaring which - vocabularies are in use. + Unrecognized individual keywords simply have their values collected as annotations, + while the behavior with respect to an unrecognized vocabulary can be controlled + when declaring which vocabularies are in use. This document defines a core vocabulary that MUST be supported by any @@ -351,7 +351,8 @@ A JSON Schema MAY contain properties which are not schema keywords. - Unknown keywords SHOULD be treated as annotations. + Unknown keywords SHOULD be treated as annotations, where the value + of the keyword is the value of the annotation. An empty schema is a JSON Schema with no properties, or only unknown @@ -575,7 +576,8 @@ by any entity. Save for explicit agreement, schema authors SHALL NOT expect these additional keywords and vocabularies to be supported by implementations that do not explicitly document such support. - Implementations SHOULD ignore keywords they do not support. + Implementations SHOULD treat keywords they do not support as annotations, + where the value of the keyword is the value of the annotation. Implementations MAY provide the ability to register or load handlers @@ -1237,7 +1239,8 @@ Per , unrecognized - keywords SHOULD be ignored. This remains the case for keywords defined + keywords SHOULD be treated as annotations. + This remains the case for keywords defined by unrecognized vocabularies. It is not currently possible to distinguish between unrecognized keywords that are defined in vocabularies from those that are not part of any vocabulary.
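Review bot: In the Security Considerations hunk of PATCH 1/2 (@@ -3090,6 +3090,11 @@), the new paragraph asks implementations to guard against excessive resource consumption but names no mechanism, and it covers only the malicious case. The commit message says the same exhaustion can happen by accident, for example with an unrecognized applicator that has a very large subschema. That example is worth carrying into the spec text so implementers see the non-adversarial path too. Consider also stating that an implementation may bound or skip collection of unknown-keyword annotation values, which the SHOULD in "Unknown keywords SHOULD be treated as annotations" already leaves room for.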
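Review bot: In PATCH 2/2, hunk @@ -150,9 +150,9 @@, the introductory sentence now says unrecognized keywords "simply have their values collected as annotations", which reads as unconditional, while the normative statements in the hunks at @@ -351,7 +351,8 @@ and @@ -575,7 +576,8 @@ make this a SHOULD. Suggest dropping "simply" and wording the overview so it does not promise more than the normative text, for example "are treated as annotations".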
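Review bot: In PATCH 2/2, hunk @@ -1237,7 +1239,8 @@, the restated rule "keywords SHOULD be treated as annotations" omits the clause "where the value of the keyword is the value of the annotation" that the hunks at @@ -351,7 +351,8 @@ and @@ -575,7 +576,8 @@ add. Since this sentence already opens with a cross-reference ("Per ..."), either repeat the full wording or leave the requirement to the referenced section, so the three statements cannot drift apart. None of the three points the reader to the Security Considerations paragraph added in PATCH 1/2; a cross-reference from at least one of them would connect the new behaviour to its resource-consumption caveat.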