Comments (4)
lukpueh
commented on July 28, 2024
1
Just discovered another documented, albeit (to me) unexpected behavior:
- Unrecognized keys in an object schema are allowed
>>> from securesystemslib import schema
>>> FOO_SCHEMA = schema.Object("FOO_SCHEMA", foo=schema.AnyString())
>>> FOO_SCHEMA.matches({"foo": "ABC", "bar": "interesting..."}) # Would expect to return False due to "bar"
Truefrom securesystemslib.
lukpueh
commented on July 28, 2024
- The error messages from checking schemas with the check_match method are often not helpful, because they usually don't show the value of the checked variable or lack context.
Similar observations were made in theupdateframework/python-tuf#243
from securesystemslib.
lukpueh
commented on July 28, 2024
The many check_match-calls also have an impact on performance. E.g. when delegating 16K hashed bins for warehouse, >5% of the execution time was just check_match-ing.
from securesystemslib.
lukpueh
commented on July 28, 2024
While testing a format errors on different Python versions, I just discovered another issue with the Object(Schema):
Given that in Python <3.7 the dict key order is not guaranteed, iterating over the "required" fields ...
securesystemslib/securesystemslib/schema.py
Line 750 in 1c4161e
... of a schema object in check_match may yield different error messages, if multiple required fields are missing.
securesystemslib/securesystemslib/schema.py
Lines 759 to 768 in 1c4161e
from securesystemslib.
Related Issues (20)
- fix permisssions on check-upstream-ed25519 workflow
- ed25519 upstream has new commits
- ecdsa keytypes issue, again HOT 1
- Remove legacy interfaces/implementation HOT 3
- Auto-update pre-commit plugins HOT 8
- Issues for KubeCon EU contribfest HOT 2
- review default signer & key selection HOT 3
- AzureSigner: import_ may return *unsupported* ecdsa-sha2-nistp521 scheme
- AWSSigner: may return *incorrect* ecdsa-sha2-nistp512 scheme
- SSlibKey: consider stronger validation of keytype/scheme for keyval HOT 1
- SigstoreSigner is temporarily broken HOT 2
- gpg tests fail if a yubikey is connected HOT 3
- Get a CryptographyDeprecationWarning just calling generate_ecdsa_key() HOT 2
- CryptoSigner should expose private key bytes
- 1.0 release HOT 3
- VaultSigner test unexpectedly does not depend on environment variables
- line length decision HOT 8
- modify pre-commit-config.yaml
- linter: ruff coverage HOT 3
- Collection of suppressed Ruff Linter errors to review (noqa) HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from securesystemslib.