EventStore: Validate event schema itself (!138169) · Merge requests · GitLab.org / GitLab

Peter Leitzen requested to merge pl-event-validate-schema into master Nov 29, 2023

What does this MR do and why?

This MR ensures the validity of JSON schema definitions in EventStore event because invalid JSON schema does not validate JSON input properly.

For example:

invalid_schema = {"required"=>["project_id"], "type"=>"object", "properties"=>{"project_id"=>{"type"=>"int"}, "project_path"=>{"type"=>"string"}}}
=> {"required"=>["project_id"], "type"=>"object", "properties"=>{"project_id"=>{"type"=>"int"}, "project_path"=>{"type"=>"string"}}}
JSONSchemer.schema(invalid_schema).valid?({"project_id" => "a string"})
=> true
``

Note that `"type": "int"` is invalid but easy to miss.

Refs:
- https://gitlab.com/gitlab-org/gitlab/-/issues/351777
- https://gitlab.com/gitlab-org/gitlab/-/issues/387637

## MR acceptance checklist

This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.

* [x] I have evaluated the [MR acceptance checklist](https://docs.gitlab.com/ee/development/code_review.html#acceptance-checklist) for this MR.

<!-- template sourced from https://gitlab.com/gitlab-org/gitlab/-/blob/master/.gitlab/merge_request_templates/Default.md -->

Edited Nov 29, 2023 by Peter Leitzen

EventStore: Validate event schema itself

What does this MR do and why?

Merge request reports