Restrict Schema Object with additionalProperties: false

[mohsen1]

Models in definitions should be valid JSON schema. Although we don't support some of JSON Schema features, we can still use JSON Schema meta-schema to validate those.

Right now definitions can have anything in it and it would be still valid

[webron]

Not sure what you're referring to.

definitions is defined as a map of keys to schema objects - https://github.com/swagger-api/swagger-spec/blob/master/schemas/v2.0/schema.json#L170-L176

Schema Object is defined as the acceptable fields, which are in turn defined using the json schema's json schema on fields that use exactly the same definition - https://github.com/swagger-api/swagger-spec/blob/master/schemas/v2.0/schema.json#L879-L995

So what's missing?

[mohsen1]

A Swagger like this gets validated:

swagger: '2.0'
info:
  version: "1.0.0"
  title: petstore
paths:
  /users:
    get:
      responses:
        "200":
          description:  Describe the 200 response in more detail

definitions:
  Pet:
    properties:
      name:
        type: string
    mohsen: 1 # shouldn't this be not allowed?

[webron]

JSON Schema by default is permissive. Which means, that by default, "additionalProperties": "false".

That actually makes the model definition you gave a valid one, especially if we validate against JSON Schema's json schema.

However, we are more restrictive, and in that sense I did miss "additionalProperties": false" on the schema object.

Was there anything else you encountered that you expected to not validate which validated?

[mohsen1]

usually misspelling the properties or type slips because of this.

[webron]

That makes sense. I will change the title of the issue to better describe the problem. Feel free to add any other issues you've encountered (there are a few I'm aware of - the schema doesn't allow definition of 'additionalProperties' as part of the schema. Well, it does now, because it's not restricted, but I'll add that too).