[
https://issues.apache.org/jira/browse/UNOMI-846?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17889659#comment-17889659
]
Francois Gerthoffert edited comment on UNOMI-846 at 10/15/24 1:24 PM:
----------------------------------------------------------------------
Verified using: Apache Unomi 2.6.0.SNAPSHOT (2024-10-14 17:33:50+0000 //
1728927230409 // master // 64aa2)
Submitting an invalid schema return logs messages using the WARN level.
{code:java}
2024-10-15T13:16:35,680 | WARN | qtp2003135035-71 | SchemaServiceImpl
| 217 - org.apache.unomi.json-schema-services - 2.6.0.SNAPSHOT | Schema
validation found 6 errors while validating against schema:
https://unomi.apache.org/schemas/json/events/view/1-0-0
2024-10-15T13:16:35,681 | WARN | qtp2003135035-71 | SchemaServiceImpl
| 217 - org.apache.unomi.json-schema-services - 2.6.0.SNAPSHOT |
Validation error: Unknown scope value at $.source.scope for value example
2024-10-15T13:16:35,681 | WARN | qtp2003135035-71 | SchemaServiceImpl
| 217 - org.apache.unomi.json-schema-services - 2.6.0.SNAPSHOT |
Validation error: There are unevaluated properties at the following paths
$.source.itemId\n $.source.itemType\n $.source.scope
2024-10-15T13:16:35,681 | WARN | qtp2003135035-71 | SchemaServiceImpl
| 217 - org.apache.unomi.json-schema-services - 2.6.0.SNAPSHOT |
Validation error: Unknown scope value at $.target.scope for value example
2024-10-15T13:16:35,682 | WARN | qtp2003135035-71 | SchemaServiceImpl
| 217 - org.apache.unomi.json-schema-services - 2.6.0.SNAPSHOT |
Validation error: There are unevaluated properties at the following paths
$.target.itemId\n $.target.itemType\n $.target.scope
2024-10-15T13:16:35,682 | WARN | qtp2003135035-71 | SchemaServiceImpl
| 217 - org.apache.unomi.json-schema-services - 2.6.0.SNAPSHOT |
Validation error: Unknown scope value at $.scope for value example
2024-10-15T13:16:35,682 | WARN | qtp2003135035-71 | SchemaServiceImpl
| 217 - org.apache.unomi.json-schema-services - 2.6.0.SNAPSHOT |
Validation error: There are unevaluated properties at the following paths
$.eventType\n $.scope
{code}
This is the expected behavior, closing the ticket.
was (Author: francois g):
Verified using: Apache Unomi 2.6.0.SNAPSHOT (2024-10-14 17:33:50+0000 //
1728927230409 // master // 64aa2)
Submitting an invalid schema return logs messages using the WARN level.
{code:java}
2024-10-15T13:16:35,680 | WARN | qtp2003135035-71 | SchemaServiceImpl
| 217 - org.apache.unomi.json-schema-services - 2.6.0.SNAPSHOT | Schema
validation found 6 errors while validating against schema:
https://unomi.apache.org/schemas/json/events/view/1-0-0
2024-10-15T13:16:35,681 | WARN | qtp2003135035-71 | SchemaServiceImpl
| 217 - org.apache.unomi.json-schema-services - 2.6.0.SNAPSHOT |
Validation error: Unknown scope value at $.source.scope for value example
2024-10-15T13:16:35,681 | WARN | qtp2003135035-71 | SchemaServiceImpl
| 217 - org.apache.unomi.json-schema-services - 2.6.0.SNAPSHOT |
Validation error: There are unevaluated properties at the following paths
$.source.itemId\n $.source.itemType\n $.source.scope
2024-10-15T13:16:35,681 | WARN | qtp2003135035-71 | SchemaServiceImpl
| 217 - org.apache.unomi.json-schema-services - 2.6.0.SNAPSHOT |
Validation error: Unknown scope value at $.target.scope for value example
2024-10-15T13:16:35,682 | WARN | qtp2003135035-71 | SchemaServiceImpl
| 217 - org.apache.unomi.json-schema-services - 2.6.0.SNAPSHOT |
Validation error: There are unevaluated properties at the following paths
$.target.itemId\n $.target.itemType\n $.target.scope
2024-10-15T13:16:35,682 | WARN | qtp2003135035-71 | SchemaServiceImpl
| 217 - org.apache.unomi.json-schema-services - 2.6.0.SNAPSHOT |
Validation error: Unknown scope value at $.scope for value example
2024-10-15T13:16:35,682 | WARN | qtp2003135035-71 | SchemaServiceImpl
| 217 - org.apache.unomi.json-schema-services - 2.6.0.SNAPSHOT |
Validation error: There are unevaluated properties at the following paths
$.eventType\n $.scope
{code}
> Change log level for json schema validation
> -------------------------------------------
>
> Key: UNOMI-846
> URL: https://issues.apache.org/jira/browse/UNOMI-846
> Project: Apache Unomi
> Issue Type: Improvement
> Reporter: Romain Gauthier
> Assignee: Jonathan Sinovassin-Naïk
> Priority: Major
> Fix For: unomi-2.6.0
>
> Time Spent: 0.5h
> Remaining Estimate: 0h
>
> Hello,
> Following our first use of unomi 2.x, we're seeing that:
> - even rejection is logged as an error. I don't think that event rejection
> should be logged as an error as it is the normal behavior in many cases
> - To see why an event is rejected, it is needed to enable debug. So by
> default, we never know if unomi is being attacked or if a mistake was done in
> the payload of an event or in a schema
> I suggest to change the behavior to the following:
> - When an event is rejected because of basic validation: log a warning (or
> INFO) but do not log more, to avoid any log injection / log forging
> - When an event is rejected because of schema validation: log a warning (or
> INFO, to be discussed) + the error message of the json schema validation
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
