Skip to content

fix: Reject string-to-number coercion in type validation#48

Merged
thced merged 2 commits into
masterfrom
fix/json-schema-type-no-coercion
May 12, 2026
Merged

fix: Reject string-to-number coercion in type validation#48
thced merged 2 commits into
masterfrom
fix/json-schema-type-no-coercion

Conversation

@thced

@thced thced commented May 12, 2026

Copy link
Copy Markdown
Contributor

JSON Schema 'type' refers to the JSON value's intrinsic kind, not whether its lexical form is parseable to another type. DefaultValidator was parsing numeric-looking strings as integers/numbers, which broke oneOf branches mixing string and number (both matched) and silently accepted strings for plain {"type": "number"} fields.

Validator is now strict; parameter values (always strings on the wire) are coerced to the schema's primitive type in RequestPreparationFilter before validation runs.

JSON Schema 'type' refers to the JSON value's intrinsic kind, not whether
its lexical form is parseable to another type. DefaultValidator was parsing
numeric-looking strings as integers/numbers, which broke oneOf branches
mixing string and number (both matched) and silently accepted strings for
plain {"type": "number"} fields.

Validator is now strict; parameter values (always strings on the wire) are
coerced to the schema's primitive type in RequestPreparationFilter before
validation runs.
@thced thced force-pushed the fix/json-schema-type-no-coercion branch from 78205ba to 2c2fcf4 Compare May 12, 2026 07:41
Reduces visual noise at mock call sites and addresses three Sonar
'add at least one assertion' findings in the new coercion happy-path
tests by verifying the downstream chain was invoked.
@sonarqubecloud

Copy link
Copy Markdown

@thced thced merged commit 713f6de into master May 12, 2026
4 checks passed
@thced thced deleted the fix/json-schema-type-no-coercion branch May 12, 2026 07:54
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant