fix(inbound-api): M2.6 review nits — legacy required default, recursion depth guard, return-validator comment (#13)
- legacy flat-array "required":"false" (string) now treated as optional (matches migration) - depth ceiling (32) on InboundApiSchema Parse/Validate recursion — guards against stack-overflow from a deeply-nested stored schema (Parse throws->400, Validate adds error) - DocOptions.MaxDepth=128 so the application-level structural guard fires before the System.Text.Json reader ceiling (each schema level = ~3 JSON reader levels) - comment the intentional ParameterValidator/ReturnValueValidator early-return asymmetry - note intentional datetime->string legacy collapse in NormalizeType - tests: legacy string-false optional, parse/validate depth ceiling, scalar return schema
This commit is contained in:
Joseph Doherty
@@ -63,6 +63,18 @@ public static class ReturnValueValidator
|
||||
return ReturnValidationResult.Valid();
|
||||
}
|
||||
|
||||
// INTENTIONAL asymmetry with ParameterValidator:
|
||||
//
|
||||
// ParameterValidator has an early-return guard for "schema.Type != object"
|
||||
// because method parameters are ALWAYS a top-level JSON object (flat map of
|
||||
// name→value); a non-object parameter schema is treated as unconstrained.
|
||||
//
|
||||
// ReturnValueValidator does NOT guard on schema.Type here. A method may
|
||||
// declare a scalar return type (e.g. {"type":"string"} or {"type":"integer"})
|
||||
// and the script is expected to return exactly that scalar JSON value.
|
||||
// Guarding on type == "object" would silently bypass validation for scalar
|
||||
// and array return schemas — do NOT add that guard here.
|
||||
|
||||
if (string.IsNullOrWhiteSpace(resultJson))
|
||||
{
|
||||
return ReturnValidationResult.Invalid(
|
||||
|
||||
Reference in New Issue
Block a user